Application Integrations
      Back to home
      1. Help Center
      2. Application Integrations

      Office365 Integration

      A step-by-step guide to AgileBlue's Office365 integration.

      Overview

      The AgileBlue Cyber SOC has the ability to collect log files from Office365. These logs empower AgileBlue to monitor and alert on potentially suspicious activity happening in your Office365 environment. For this to work, you will need to configure a few things within your Azure/O365 tenant. This document will walk you through that process.

      Please note: Auditing must be enabled for your organization in order to ensure data collection. For more information, click here.

      Configure Your Azure Application

      1. Log in to the Azure Portal using your Global Administrator credentials. (E.g. an account that is marked as Global Administrator.)
      2. Navigate to the Microsoft Entra ID under Azure services
      3. Select App Registrations in the left-hand menu
      4. Click New registration
      5. Configure the options for this App Registration as shown below:
        1. Name: AgileBlue Collection Service
        2. Supported account types: Accounts in this organizational directory only (Your tenant only - Single tenant)
        3. Redirect URI: No value/not needed
      6. Select View API permissions
      7. Click on Add a permission
      8. On the pop out, select Office365 Management APIs
      9. Select Application permissions
      10. Under Office365 Application APIs Application permissions, expand and check the following options:
        1. ActivityFeed.Read
        2. ActivityFeed.ReadDlp
      11. Click Add permissions at the bottom of the pop out to save your changes
      12. For PLUS and PRO subscribers, additional permissions must be configured to grant the AgileBlue team the ability to disable and enable user accounts. Click here to learn more.
      13. Select Grant admin consent for [your tenant name]

      Create Client Secret Key & Collect Account Details


      1. Select Certificates & secrets from the left-hand menu
      2. Once the page loads, click New client secret
      3. On the pop out that appears, provide a Description of AgileBlue Collection Service and select your desired timeframe for expiration
        1. Please note this expiration date – if it is provided to the AgileBlue team, we will proactively reach out for an updated value two weeks ahead of the expiration
      4. Click Add

        CAUTION! Depending on your version of Azure/Office365 and/or your security configurations, you may only have ONCE CHANCE to grab this value. Be sure to copy this value and store it somewhere safe immediately.

      5. Copy the Secret Value to a secure location
        1. NOTE: The Secret Value is different than the Secret ID. The required value may have numbers, letters, and special characters. The Secret ID will only include numbers, letters, and hyphens. Please ensure the Secret Value is collected, not the Secret ID.
      6. Navigate back to the Overview page and copy the following values:

        1. Application (client) ID

        2. Directory (tenant) ID

      Submitting Sensitive Data

      The final step is to submit these sensitive details to AgileBlue. Once ready, please email support@agileblue.com and a specialist will send back an encrypted message. You will be able to respond to that message with the following values:

        1. Secret Value
        2. Application (client) ID
        3. Directory (tenant) ID
        4. Secret Value expiration date

      Need Help?

      AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

      Email: support@agileblue.com 
      Phone: (216) 606-9400      🚨