Validating and granting access to the user

To safeguard against unauthorized access to the MS Office 365 application that the agent monitors, you need to validate the user and grant access to the MS Office 365 application.

Before you begin

Ensure that the user who starts Microsoft Office 365 has the subscription ID and administrator rights.

About this task

You can validate the user and grant application access by adding the following user details to the agent configuration file:
  • Tenant ID
  • Client ID
  • Secret ID

Procedure

To validate and grant access to the user, follow these steps:

  1. Log in to Microsoft Office 365 by specifying your subscription credentials.
  2. Click Microsoft 365 admin center. The Microsoft 365 admin center page opens.
  3. In the left pane, click Azure Active Directory. The Azure Active Directory admin center page opens.
  4. Click App registration.
  5. Click New registration, enter a name for the application, for example, Office365API, select the Supported account type, and click Register.
    After registration, you will get the Application (client) ID and Directory (tenant) ID.
  6. To generate the secret key, click Certificates & secrets > New client secret. The Add a client secret window opens.
  7. Enter a description, set the Expires option to Never, and click Add. A secret key is generated. Copy the secret key now for the user configuration, because it is stored in encrypted format later.
  8. To give permissions to access the API, click API permissions > Add a permission > Office 365 Management APIs, and select Application permissions.
    Note: Applications are authorized to call APIs when they are granted permissions by users or administrators as part of the consent process.
  9. Select the required permission and click Add permissions.
  10. To grant admin consent for the APIs, click Grant admin consent.
  11. Click Yes when you see the status as Granted for domain.
  12. To add user details, such as Client ID, Tenant ID, and Secret ID, to the configuration file, follow these steps:
    1. Go to the agent installer folder, for example, <APM Home>\TMAITM6_x64.
    2. In the installer folder, open the kmoOffice365CDP.exe.config file and add the Client ID, Tenant ID, and Secret ID values that are generated from the Azure portal as mentioned in steps 1 - 8.
      For example,
      <add key="Office365ServiceAPIConnectionServiceUrl" value="https://manage.office.com/api/v1.0/#TenantID#/ServiceComms" />
      <add key="AuthURL" value="https://login.microsoftonline.com/#TenantID#/oauth2/v2.0/token"/>
      <add key="Client_id" value="702ce315-f8dd-4775-91d9-c7c7ec376835"/>
      <add key="Client_secret" value="42_mW-xp-2xLkv~2dH8sDj6.wURkaok0re"/>
      
  13. Save the kmoOffice365CDP.exe.config file.
  14. If multi-factor authentication (MFA) is enabled for the user, skip it by disabling the second-level (mobile or app) authentication from the Azure portal. To disable the second-level authentication, follow these steps:
    1. Go to Microsoft 365 admin center.
    2. Click Azure Active Directory > Properties > Manage Security defaults > Enable Security defaults.
    3. Select No, and click Save.
  15. Reconfigure the agent.
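
A pre-flight check for the values added in step 12, before the agent is reconfigured. This is an added example, not part of the product or its documentation. It assumes that #TenantID# in the sample stands for the Directory (tenant) ID, that the <add> elements sit inside the usual <configuration><appSettings> wrapper, and that the function names are illustrative only.

```python
import re
import xml.etree.ElementTree as ET

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# URL shapes copied from the sample on this page; group 1 is the tenant segment.
URL_SHAPES = {
    "AuthURL": r"https://login\.microsoftonline\.com/([^/]+)/oauth2/v2\.0/token",
    "Office365ServiceAPIConnectionServiceUrl":
        r"https://manage\.office\.com/api/v1\.0/([^/]+)/ServiceComms",
}

def read_settings(xml_text):
    """Return {key: value} for every <add key="..." value="..."/> element."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): e.get("value", "") for e in root.iter("add") if e.get("key")}

def check_settings(settings):
    """Return a list of findings; an empty list means the four keys look consistent."""
    findings, tenants = [], set()
    for key, shape in URL_SHAPES.items():
        m = re.fullmatch(shape, settings.get(key, ""))
        if not m:
            findings.append(f"{key}: missing or not the expected HTTPS endpoint")
        elif m.group(1) == "#TenantID#":
            # Assumption: the placeholder must be replaced by the tenant ID.
            findings.append(f"{key}: #TenantID# placeholder not replaced")
        elif not re.fullmatch(GUID, m.group(1)):
            findings.append(f"{key}: tenant segment is not a GUID")
        else:
            tenants.add(m.group(1).lower())
    if len(tenants) > 1:
        findings.append("AuthURL and service URL name different tenants")
    if not re.fullmatch(GUID, settings.get("Client_id", "")):
        findings.append("Client_id: missing or not a GUID")
    secret = settings.get("Client_secret", "")
    if not secret or secret != secret.strip():
        findings.append("Client_secret: empty or has stray whitespace")
    return findings

# Constructed sample: placeholder GUIDs and secret, not real credentials.
SAMPLE = """<configuration><appSettings>
  <add key="Office365ServiceAPIConnectionServiceUrl" value="https://manage.office.com/api/v1.0/#TenantID#/ServiceComms" />
  <add key="AuthURL" value="https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/oauth2/v2.0/token"/>
  <add key="Client_id" value="00000000-0000-0000-0000-000000000000"/>
  <add key="Client_secret" value="constructed-secret-value "/>
</appSettings></configuration>"""

if __name__ == "__main__":
    for finding in check_settings(read_settings(SAMPLE)):
        print("FINDING:", finding)
```

To check a real file, pass its contents to read_settings; the findings name only the key, so the secret value is never printed.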