O365 Management API
The purpose of this doc is to outline the customer-performed steps involved in implementing LOG ingestion from the Office 365 Management API.
- Set up a new Azure App
Login to https://portal.azure.com
Add new App Registration
<https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
Or go to “All Services” and search for “App Registrations”
Give the app a name [eg.“Pondurance-O365-API”], choose Web/, and enter any dummy URL for the Sign On URL since we will not be signing in to this app directly [eg. “https://pondO365.com"].
-
Add the Public cert (provided with these instructions) to the newly created app
a. Click on “Certificates & Secrets”
b. Add/Upload the Cert provided
c. Copy the Thumbprint that populates after adding the cert.
3) Give your app access to the Office 365 Management API. Click “API permissions” then “Add a Permission”
a) Select Office 365 Management APIs.
b) Choose “Application permissions”
c) Select the relevant data you want to share (typically, select ALL)
d) If you have tenant admin rights, in the Configured Permissions, select “Grant admin consent for Pondurance”. If not, you will need to have a tenant admin grant your app the permissions you just selected.
-
Provide Pondurance with the following information from the app:
a. APPLICATION-ID (Found in App Overview)
b. TENANT-ID (Found in App Overview)
c. PUBLIC-KEY-THUMBPRINT (found in Certificates & Secrets after uploading the Cert)
- Add the provided json text blob to the manifest.
(Note: the json block shared has the comma at the end of the file - so depending on where in the manifest this goes (and what follows it), it may or may not need that comma.)
Alternatively, use the “Download” feature and sent the Manifest to Pondurance. We will add the text blob, save it, and send it back – then it can be “Uploaded”.