Versions Compared

Old Version 4

changes.mady.by.user Noga Aviram (Unlicensed)

Saved on

compared with

New Version 5

changes.mady.by.user Noga Aviram (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Adding data from Azure Active Directory services requires a creation of an Enterprise Application in the Azure Active Directory portal that will grant API access to XpoLog.
An administrator access to the Azure Active Directory portal is required to create the application and grant it the requited permissions, generate secret key, etc.

...

Azure Active Directory portal side

  1. Go to Microsoft Azure portal (https://portal.azure.com/) and login as administrator.

  2. Click on Azure Active Directory to open its portal:
    Image Modified

  3. Take a note of your Tenant ID displayed in this screen:
    Image Modified

...


  2. Application Creation - On the left navigation panel, Enter to 'Enterprise Applications' and Click the 'Create your own application'.

    Image Modified


  3. After the creation, navigate to 'App registrations', Click the 'New Registration' - name your application (XPLG_INTEGRATION for example) and Register.
    The application will be created and registered:
    Image Modified

  4. You will be redirected to the Application's portal:

    1. Take a note of the Application (client) ID:

      Image Modified

    2. Application Secret (Authentication) - On the left navigation panel - click 'Certificates & Secrets', add a new client secret and take a note of the created secret value:

...

    1. Image Added

  2. Application Permissions -

...

  1. Enter to ‘API permissions’, Click on Add a permission

...

  1. :

    Image Added

    1. Choose the ‘Office 365 Management

...

    1. APIs’ box and add the following permissions:

...

    2. Under Delegate (search the below values, select them and click the Add permissions button):

      1. ActivityFeed.Read

      2. ActivityReports.Read

    3. Under Application (search the below values, select them and click the Add permissions button):

      1. ActivityFeed.Read

      2. ActivityFeed.ReadDlp

  2. Click on 'Microsoft Graph' and add these permissions:

    1. Under Delegate (search the below values, select them and click the Add permissions button):

      1. AuditLog.Read.All

    2. Under Application (search the below values, select them and click the Add permissions button):

      1. AuditLog.Read.All

  3. Click on Grant admin consent for… button

  4. The final view should look like:
    Image Modified

XpoLog side

To add a your Azure Active directory data into your XpoLog system:

  1. In Add Data pane click on Azure Active Directory. The Source and Collection Setting wizard opens.

    • To change a log source, near Source Type, click on the Change button.

  2. Azure connectivity:

    1. In the Client ID, enter your client ID (see above section 9.a. - Application (Client) ID).

    2. In the Client Password, enter your password (see above section 9.b. - client secret value).

    3. In the Tenant ID, enter your tenant ID (see above section 3).

    4. Click verify to ensure connectivity:

      Image Modified

  3. Save and click next.

  4. In the Time To Retrieve, select the default past time to retrieve data from the selected Azure services.

  5. Select the Services you wish to collect data from the available services list (by moving the desired services to the right hand side).

  6. Click on the grey box under 'Collection Settings', Open the 'Regional Settings' and change the Log time zone to 'Default [UTC]':

...

7. Click DONE – XpoLog applies an automated pattern on the incoming log.

...