Microsoft Office 365 Message Trace

The IBM QRadar DSM for Microsoft Office 365 Message Trace collects JSON events from a Microsoft Office 365 Message Trace by using the Office 365 Message Trace API protocol.

To integrate Microsoft Office 365 Message Trace with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent version of the following RPMs from the IBM® support website (http://www.ibm.com/support):
    • Microsoft Office 365 Message Trace DSM RPM
    • Protocol Common RPM
    • Office 365 Message Trace API protocol RPM
  2. Add a Microsoft Office 365 Message Trace log source by using the Office 365 Message Trace REST API protocol on the QRadar Console. The Office 365 Message Trace REST API protocol supports both modern and basic authentication. Modern authentication uses OAuth 2.0 to authenticate and authorize access to the resource, while basic authentication uses a username and password.
    Important: As of 1 January 2023, Microsoft will no longer support basic authentication. To continue receiving Message Trace events, you must use modern authentication. Modern authentication uses OAuth 2.0 to authenticate and authorize access to the events. For more information about the deprecation of basic authentication, see Basic Authentication Deprecation in Exchange Online – September 2022 Update (https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437).