HTTP Status code 401

Symptoms

Error: "Status Code: 401 | Status Reason: Unauthorized"

Error: "Invalid Office 365 User Account E-mail or Password"

Error: <A response received from the Office 365 Message Trace REST API displays>

Causes

QRadar connected to the Office 365 Message Trace protocol, but because of invalid user credentials, it could not authenticate.

Resolving the problem

To resolve your HTTP Status code 401 error, verify that the following conditions are met.
  1. Verify that your Office 365 email account username and the account password are valid.
  2. Check if your Microsoft security settings are blocking access to the Office 365 Message Trace REST API.

    To use the Office 365 Message Trace REST API, you need access to the Reporting Web Services legacy authentication protocol.

    For more information about blocking and unblocking legacy authentications, see How to: Block legacy authentication to Azure AD with Conditional Access (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication#indirectly-blocking-legacy-authentication). If you need assistance with configuring Azure AD with Conditional Access, contact Microsoft Support.

    For more information about creating Conditional Access policies for users and groups, see Conditional Access: Users and groups (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-users-groups).

    For more information about creating Conditional Access policies for Cloud apps or actions, see Conditional Access: Cloud apps or actions (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps).

    For more information about granting or blocking access to resources with a Conditional Access policy, see Conditional Access: Grant (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant).