AlienVault® USM Anywhere™

AlienApp for Office 365 Requirements

Before you can configure and use the AlienApp for Office 365, you must make sure that your Office 365 environment is set up to support Office 365 Management API calls through Azure Active Directory (AD)Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. and mailbox auditing.

Office 365 Account Privileges

To access Office 365 Management APIs (such as mail, contacts, calendar, and files), you must have an Office for 365 business account with global administrator privileges.

To determine which Office 365 business product you have, refer to the Microsoft Support article.

Note: An Office 365 Developer account is available free of charge from Microsoft if you have an MSDN subscription (see redeem your Office 365 Developer account benefit) or as a 30-day free trial (see Office 365 Enterprise E3 Developer Trial).

After you complete the signup process, the browser displays the Office 365 installation page. Click the Admin icon to open the admin center page.

Azure AD Registration

AlienApp for Office 365 configuration includes creating an Active Directory application in Azure AD. This application securely authenticates the AlienApp for Office 365, so that it can access and collect the data according to the services and permission levels that you define. This function requires that your Office 365 account is associated with a Microsoft Azure subscription.

Important: If you do not already have a Microsoft Azure subscription, you must create one. The subscription is required to register an app in Azure AD for your Office 365 account.

When Azure AD is associated with your Office 365 account, you can use the management portal in Microsoft Azure to manage users, roles, and apps.

Mailbox Auditing

To collect mailbox access activity in your Office 365 environment, you must enable mailbox audit logging. Microsoft mailbox auditing logs actions performed by mailbox owners, delegates, and administrators. Mailbox auditing in Office 365 is turned on by default starting in January 2019. See the Microsoft Support article for detailed information.

Important: Enabling mailbox auditing requires that you can connect to Exchange Online PowerShell. See Using PowerShell with Exchange Online on the Microsoft site for more information.

It is a best practice to enable global audit logging, including non-owner mailbox access on every mailbox in your tenancy. You can use the following command to enable this auditing.

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"}| Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 365 -AuditOwner Create,HardDelete,MailboxLogin,MoveToDeletedItems,SoftDelete,Update

Audit Log Search

Office 365 audit logging records almost every major action, including Office 365 logins, viewing documents, downloading documents, sharing documents, setting changes, and password resets. Office 365 includes the Security & Compliance Center to support search capabilities for these logs. This can be very helpful if you need to compare the events generated in USM Anywhere using the AlienApp for Office 365 with the information logged in the Office 365 environment.

This feature is usually enabled by default. However, if it has been disabled, it can be difficult to troubleshoot potential issues with AlienApp for Office 365 log collection. For more information about enabling this feature, refer to the Microsoft Support article.

Note: Turning on the audit log search in the Office 365 Security & Compliance Center is required only to use that administrative feature in Office 365. It is not required for the AlienApp for Office 365 to use the Office 365 Management Activity API to access auditing data for your organization.