Troubleshooting the Office 365 Message Trace REST API protocol

To resolve issues with the Office 365 Message Trace REST API protocol, use the troubleshooting and support information. Find the errors by using the protocol testing tools in the QRadar Log Source Management app.

General troubleshooting

The following steps apply to all user input errors. The general troubleshooting procedure contains the first steps to follow any errors with the Office 365 Message Trace REST API protocol.

  1. If you use QRadar® 7.3.2, software update 3 or later, run the testing tool before you enable the log source. If the testing tool doesn't pass all tests, the log source fails when enabled. If a test fails, an error message with more information displays.
  2. Verify that the selected Event Collector can access the reports.office365.com host. This protocol connects by using HTTPS (port 443).
  3. Verify that the Office 365 email account username and password are valid.
  4. Ensure that the Office 365 email account has the correct permissions. For more information, see Office 365 Message Trace protocol FAQ.
  5. Ensure that your access is not blocked to the Reporting Web Services legacy authentication protocol. For more information, see HTTP Status code 401.
  6. Reenter all fields.
  7. If available, rerun the testing tool.