fbpx
Back Arrow Back to All Integrations

Microsoft Office 365

Microsoft Office 365

Cloud SIEM for Microsoft Office 365

Email services and productivity tools such as Microsoft Office 365 are often targeted due to the amount of sensitive information stored in these systems, but also because they can be a gateway to other systems through password resets using email.

Blumira integrates with Microsoft Office 365 productivity suite to stream Office 365 security event logs and alerts to the Blumira service for threat detection and actionable response. Blumira protects Microsoft Office 365 productivity suite by streaming O365 security events, logs, and alerts to the Blumira service which we then apply threat intelligence on to automatically detect suspected threats and deliver an actionable response.

Get a Free Cloud SIEM Trial

Try out Blumira’s automated detection & response platform for free and deploy a cloud SIEM in hours.

Free Trial

To send Office 365 audit logs to Blumira, follow these steps:

  • Go to office.com and log in.
  • Navigate to the Microsoft Admin Center
  • Select Azure Active Directory
  • Select All Services (in left panel) > Azure Active Directory.
  • Click on “App Registrations” in second-to-left panel.

  • Click “Register an Application” button or “+ New Registration” button.
  • Enter name, such as “Office 365 Audit Logs to Blumira”.
  • Choose “Accounts in THIS organizational directory only”
  • Leave Redirect URI empty.
  • Click “Register” button.
  • Make a note of the client ID and tenant ID as you will need these later.
    • The “Application (client) ID” value is used for the “App Client ID” Module Configuration.
    • The “Directory (tenant) ID” value is used for the “Tenant ID to monitor” Module Configuration.

  • Click “API permissions” in second-to-left panel
  • Click “Add a Permission” button
  • Click “Office 365 Management API”
  • Click “Application Permissions”
  • Expand ActivityFeed, and check ActivityFeed.Read, ActivityFeed.ReadDlp
  • Click “Add permissions” button (at bottom).

  • Click “Grant admin consent” button.
  • Remove delegated User.Read permission (which is added by default)
  • Click “Certificates & secrets”
  • Click “New client secret” button
  • In the Description field, type a descriptive name such as “Blumira sensor” or leave it blank.
  • Choose any timeframe you’re comfortable with (up to 24 months) – Be sure to set a reminder to update this when it expires
  • Click Add.
  • Make a note of the client secret as you will need this later.
      • The “Client Secret” value is used for the “App Client Secret” Module Configuration.

On the Blumira side, configuration is easy:

  1. Log in to app.blumira.com
  2. Go to Infrastructure / Sensors
  3. Click on the sensor where you want to poll for Office 365 audit logs.
  4. Scroll down to the Modules section and click Add Module.
  5. Choose Office 365 Module (Sensor Office 365 Module)
  6. Enter in the parameters you noted down while configuring Office 365.
  7. Click Install.

Get a Free Cloud SIEM Trial

Try out Blumira’s automated detection & response platform for free and deploy a cloud SIEM in hours.

Free Trial