Adding data from Azure Active Directory services requires a creation of an Enterprise Application in the Azure Active Directory portal that will grant API access to XpoLog.
An administrator access to the Azure Active Directory portal is required to create the application and grant it the requited permissions, generate secret key, etc.
XpoLog uses the standard API calls over HTTPS (port 443) therefore that port should be open on XpoLog server(s).
Azure Active Directory portal side
Go to Microsoft Azure portal (https://portal.azure.com/) and login as administrator
Click on Azure Active Directory to open its portal:
Take a note of your Tenant ID displayed in this screen:
Application Creation - On the left navigation panel, click Enterprise applications and create a new application.
Click the 'Click here to switch to the old app gallery experience' - Name it (XPLG_INTEGRATION for example) and select the option 'Register an application you're working on to integrate with Azure AD'
Click create to create application:Select 'Application you're developing':
Click the link 'Ok, take me to App Registrations to register my new application' link
Click the 'New Registration' - name your application (XPLG_INTEGRATION for example) and click Register.
The application will be created and registered:- You will be redirected to the Application's portal:
- Take a note of the Application (client) ID:
- Application Secret (Authentication) - On the left navigation panel - click Certificates and Secrets, add a new client secret set desired expiration), and take a note of the created secret value:
- Take a note of the Application (client) ID:
Application Permissions - Click API permissions
Click Add a permission
Click Office 365 Management APIs and add these permissions:
Under Delegate (search the below values, select them and click the Add permissions button):
ActivityFeed.Read
ActivityReports.Read
Under Application (search the below values, select them and click the Add permissions button):
ActivityFeed.Read
ActivityFeed.ReadDlp
Click on Microsoft Graph and add these permissions:
Under Delegate (search the below values, select them and click the Add permissions button):
AuditLog.Read.All
Under Application (search the below values, select them and click the Add permissions button):
AuditLog.Read.All
Click on Grant admin consent for… button
The final view should look like:
XpoLog side
To add a your Azure Active directory data into your XpoLog system:
- In Add Data pane click on Azure Active Directory. The Source and Collection Setting wizard opens.
- To change a log source, near Source Type, click on the Change button.
- Azure connectivity:
- In the Client ID, enter your client ID (see above section 9.a. - Application (Client) ID).
- In the Client Password, enter your password (see above section 9.b. - client secret value).
- In the Tenant ID, enter your tenant ID (see above section 3).
- Click verify to ensure connectivity:
- Save and click next.
- In the Time To Retrieve, select the default past time to retrieve data from the selected Azure services.
- Select the Services you wish to collect data from the available services list (by moving the desired services to the right hand side).
- Click DONE – XpoLog applies an automated pattern on the incoming log. Verify that data is displayed and parsed properly.
- Click SAVE and follow one of the following:
Save & Close – XpoLog saves the new log and points to the logs tree. locate the log in the logs tree and enter the viewer in order to view the log.
Save & Add Another – XpoLog saves the new log and points to Add Log screen so that you may another log.
Optionally, defining the basic information of the new log (see Setting Log General Information).