Cloud Directory Services Audit Configuration
Azure Active Directory
Azure AD can be audited by ADAudit Plus via two methods:
1. Via Azure AD API (Reporting API).
2. Via Office365 Management API (Reporting API).
1. Via Azure AD API
Licensing criteria:
- Activity (Management) logs do not require an Azure license.
- Sign-in logs require an Azure AD Premium license.
How to configure in ADAudit Plus:
- Go to the Configuration tab, select Cloud Directory, and click Add Tenant.
- Select Audit via Azure.
- Enter your tenant name (Example: my_org.onmicrosoft.com), client ID, and client secret.
- Click on Add.
How to get the client ID and client secret for configuring in ADAudit Plus:
- Add a new application in Azure AD (for the Reporting API):
  - On your Azure AD platform, click on App Registrations -> New Application Registration.
  - Fill in a valid Name (Example: Reporting API Application).
  - Click on Register.
- Grant appropriate permissions to the created app:
  - Click Azure Active Directory -> App Registrations -> Select your application (Example: Reporting API Application) -> API permissions.
  - Select the required permissions, using either of the following APIs:
    - Use Azure Active Directory Graph API (Default):
      - Click Add permission.
      - Select the API Azure Active Directory Graph -> Application permissions.
      - Select Directory -> Directory.Read.All.
      - Click on Add permissions.
      - Select Grant admin consent for 'tenantname'.
      - Click Yes.
    - Use Microsoft Graph API:
      - Click Add permission.
      - Select the API Microsoft Graph -> Application permissions.
      - Select AuditLog -> AuditLog.Read.All.
      - Select Directory -> Directory.Read.All.
      - Select User -> User.Read.All.
      - Select Application -> Application.Read.All.
      - Select Group -> Group.Read.All.
      - Select DeviceManagementApps -> DeviceManagementApps.Read.All.
      - Select DeviceManagementManagedDevices -> DeviceManagementManagedDevices.Read.All.
      - Click on Add permissions.
      - Select Grant admin consent for 'tenantname'.
      - Click Yes.
- For auditing Azure file shares, grant the appropriate role assignment to the created app:
  - Click Storage accounts -> select your storage account -> click on Access Control (IAM).
  - Click on Add -> Add Role Assignment.
  - Select Reader under Role -> Next.
  - Click +Select members -> select your created application (Example: azure_client).
  - Click Select.
  - Click Review + assign.
- Get the client ID and client secret of the created app:
  - Click Azure Active Directory -> App Registrations -> Select your application (Example: Reporting API Application).
  - Copy the Application ID (Example: 504467c0-57ba-4b01-96c3-f40397adae69); this is your client ID.
  - Click on Certificates & secrets in the API access tab.
  - Click on New client secret.
  - Enter a suitable key description and duration (Example: Description = ADAudit Plus Key, Duration = Never expires).
  - Click on Add and the secret key will be generated by the portal.
  - Copy the value of your secret key (Example: 14uCILxkHtIVGR3wkCq12341Nd5VtestkkWTyIPrrE=); this is your client secret.
2. Via Office365 Management API
Licensing criteria:
- Requires an Office365 license.
How to configure in ADAudit Plus:
- Go to the Configuration tab, select Cloud Directory, and click Add Tenant.
- Select Audit via Office365.
- Enter your tenant name (Example: my_org.onmicrosoft.com), client ID, and client secret.
- Click on Add.
How to get the client ID and client secret for configuring in ADAudit Plus:
- Add a new application in Azure AD:
  - On your Azure AD platform, click on App Registrations -> New Application Registration.
  - Fill in a valid Name (Example: Reporting API Application).
  - Click on Register.
- Grant appropriate permissions to the created app:
  - Click Azure Active Directory -> App Registrations -> Select your application (Example: Reporting API Application) -> API permissions.
  - Select the required permissions:
    - Click Add permission.
    - Select the API Office 365 Management APIs -> Application permissions.
    - Select ActivityFeed -> ActivityFeed.Read.
    - Select the API Microsoft Graph -> Application permissions.
    - Select Directory -> Directory.Read.All.
    - Click on Add permissions.
    - Select Grant admin consent for 'tenantname'.
    - Click Yes.
- Get the client ID and client secret of the created app:
  - Click Azure Active Directory -> App Registrations -> Select your application (Example: Reporting API Application).
  - Copy the Application ID (Example: 504467c0-57ba-4b01-96c3-f40397adae69); this is your client ID.
  - Click on Certificates & secrets in the API access tab.
  - Click on New client secret.
  - Enter a suitable key description and duration (Example: Description = ADAudit Plus Key, Duration = Never expires).
  - Click on Add and the secret key will be generated by the portal.
  - Copy the value of your secret key (Example: 14uCILxkHtIVGR3wkCq12341Nd5VtestkkWTyIPrrE=); this is your client secret.
Microsoft Graph API Migration from Azure AD Graph API
- How to migrate an existing cloud directory:
  - Click on the Configuration tab. Select Cloud Directory.
  - Click on Migrate to Microsoft Graph API.
  - Click Yes.
- Required permissions for the application:
  - Click Add permission.
  - Select the API Microsoft Graph -> Application permissions.
  - Select AuditLog -> AuditLog.Read.All.
  - Select Directory -> Directory.Read.All.
  - Select User -> User.Read.All.
  - Select Application -> Application.Read.All.
  - Select Group -> Group.Read.All.
  - Click on Add permissions.
  - Select Grant admin consent for 'tenantname'.
  - Click Yes.
Migrating an O365 tenant configuration from Cmdlet to Office 365 Management API
- How to migrate an existing cloud directory:
  - Click on the Configuration tab. Select Cloud Directory.
  - From the available actions, select the Migrate action for the tenant to be migrated.
  - Enter the client ID and client secret created with the O365 API permissions.
  - Click Migrate.
- Required permissions for the application:
  - Click Add permission.
  - Select the API Office 365 Management APIs -> Application permissions.
  - Select ActivityFeed -> ActivityFeed.Read.
  - Select the API Microsoft Graph -> Application permissions.
  - Select Directory -> Directory.Read.All.
  - Click on Add permissions.
  - Select Grant admin consent for 'tenantname'.
  - Click Yes.
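The tenant name, client ID, client secret and application permissions collected in the two configuration sections above (and reused unchanged by the two migration procedures) are what ADAudit Plus presents to the Azure AD token endpoint on your behalf. The following Python script is an added example, not part of this documentation and not ADAudit Plus code: it builds the client-credentials token request for each resource an audit method needs and checks that the access token issued to the app actually carries every application permission listed on this page, so a missing permission or a skipped admin consent is found before the tenant is added. The resource URLs, the v2.0 token endpoint form and the JWT layout are assumptions from the standard OAuth 2.0 client-credentials flow rather than taken from the page; the sample token is constructed and unsigned, so the script runs offline.

```python
"""
Offline check of the app registration ADAudit Plus will use (added example).

Builds the client-credentials token request for each resource the chosen
audit method needs, and checks that an issued access token carries the
application permissions (the JWT "roles" claim) this page lists.
"""
import base64
import json
import urllib.parse
import urllib.request

# Token audiences for the two audit methods. Assumed from the OAuth 2.0 flow,
# not taken from the page; the v2.0 endpoint expresses them as "<resource>/.default".
GRAPH_RESOURCE = "https://graph.microsoft.com"
O365_MGMT_RESOURCE = "https://manage.office.com"

# Application permissions exactly as listed on the page, per audit method.
REQUIRED_ROLES = {
    # "Audit via Azure" with the Microsoft Graph API option
    # (the migration-to-Microsoft-Graph list is a subset of this set).
    "azure_ad": {
        GRAPH_RESOURCE: {
            "AuditLog.Read.All", "Directory.Read.All", "User.Read.All",
            "Application.Read.All", "Group.Read.All",
            "DeviceManagementApps.Read.All",
            "DeviceManagementManagedDevices.Read.All",
        },
    },
    # "Audit via Office365" (same list as the cmdlet-to-O365-API migration).
    "office365": {
        O365_MGMT_RESOURCE: {"ActivityFeed.Read"},
        GRAPH_RESOURCE: {"Directory.Read.All"},
    },
}


def build_token_request(tenant, client_id, client_secret, resource):
    """Return (url, form) for a client-credentials grant against `resource`."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{resource}/.default",
    }
    return url, form


def fetch_token(tenant, client_id, client_secret, resource):
    """POST the request and return the access token (network call, not used offline)."""
    url, form = build_token_request(tenant, client_id, client_secret, resource)
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(url, data=data, timeout=30) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Read the JWT payload without verifying the signature.

    Signature verification is the resource server's job; here we only read
    what the token issued to our own app says about our own permissions.
    """
    try:
        _header, payload, _signature = token.split(".")
    except ValueError:
        raise ValueError("not a compact JWS (expected three dot-separated segments)")
    return json.loads(_b64url_decode(payload))


def missing_roles(token, required):
    """Required application permissions absent from the token's roles claim."""
    # The roles claim is absent entirely when admin consent was never granted.
    granted = set(decode_claims(token).get("roles", []))
    return sorted(required - granted)


def check_profile(profile, tokens):
    """Map each resource of `profile` to the roles still missing from its token."""
    return {res: missing_roles(tokens[res], roles)
            for res, roles in REQUIRED_ROLES[profile].items()}


def make_sample_token(roles):
    """Constructed, unsigned token for offline demonstration only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": list(roles)}), ""])


if __name__ == "__main__":
    # Constructed sample: an app consented only for AuditLog and Directory.
    sample = make_sample_token(["AuditLog.Read.All", "Directory.Read.All"])
    print(check_profile("azure_ad", {GRAPH_RESOURCE: sample}))
```

To run it against a real registration, call `fetch_token` once per resource in the chosen profile with the tenant name, client ID and client secret from the steps above, then pass the tokens to `check_profile`; an empty list for every resource means the app holds all the permissions ADAudit Plus expects. A token whose `roles` claim is missing altogether is the usual sign that the Grant admin consent step was not completed.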
Copyright © 2014, ZOHO Corp. All Rights Reserved.