Application Integrations
      Back to home
      1. Help Center
      2. Application Integrations

      Office365 Integration

      A step-by-step guide to AgileBlue's Office365 integration.

      Overview

      The AgileBlue Cyber SOC has the ability to collect log files from Office365. These logs empower AgileBlue to monitor and alert on potentially suspicious activity happening in your Office365 environment. For this to work, you will need to configure a few things within your Azure/O365 tenant. This document will walk you through that process.

      Please note: Auditing must be enabled for your organization in order to ensure data collection. For more information, click here.

      Configure Your Azure Application

      1. Log in to the Azure Portal using your Office365 Global Administrator credentials. (E.g. an account that is marked as Global Administrator.)
      2. Navigate to the Azure Active Directory option in the menu
      3. Select App Registrations in the left-hand menu
      4. Click New registration
      5. Configure the options for this App Registration as shown below:
        1. Name: AgileBlue Collection Service
        2. Supported account types: Accounts in this organizational directory only (Your tenant only - Single tenant)
        3. Redirect URI: No value/not needed
      6. Select View API permissions
      7. Click on Add a permission
      8. On the pop out, select Office365 Management APIs
      9. Select Application permissions
      10. Under Office365 Application APIs Application permissions, expand and check the following options:
        1. ActivityFeed.Read
        2. ActivityFeed.ReadDlp
      11. Click Add permissions at the bottom of the pop out to save your changes
      12. For PLUS and PRO subscribers, additional permissions must be configured to grant the AgileBlue team the ability to disable and enable user accounts. Click here to learn more.
      13. Select Grant admin consent for [your tenant name]

      Create Client Secret Key & Collect Account Details


      1. Select Certificates & secrets from the left-hand menu
      2. Once the page loads, click New client secret
      3. On the pop out that appears, provide a Description of AgileBlue Collection Service and select Never for expiration
        1. If never is not an available option, we recommend selecting 24 months. If that's the case, please note the expiration date. A new secret will need to be generated and provided to AgileBlue at that time.
      4. Click Add

        CAUTION! Depending on your version of Azure/Office365 and/or your security configurations, you may only have ONCE CHANCE to grab this value. Be sure to copy this value and store it somewhere safe immediately.

      5. Copy the Secret Value to a secure location
      6. Navigate back to the Overview page and copy the following values:

        1. Application (client) ID

        2. Directory (tenant) ID

      Submitting Sensitive Data

      The final step is to submit these sensitive details to AgileBlue. Once ready, please email support@agileblue.com and a specialist will send back an encrypted message. You will be able to respond to that message with the following values:

        1. Secret Value
        2. Application (client) ID
        3. Directory (tenant) ID
        4. Tenant Name (Ex. Agileblue.onmicrosoft.com)

      Need Help?

      AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

      Email: support@agileblue.com 
      Phone: (216) 606-9400      🚨