HTTP Status code 401
Symptoms
Error: "Status Code: 401 | Status Reason: Unauthorized"
Error: "Invalid Office 365 User Account E-mail or Password"
Error: <A response received from the Office 365 Message Trace REST API displays>
Causes
QRadar connected to the Office 365 Message Trace protocol, but because of invalid user credentials, it could not authenticate.
Resolving the problem
- Verify that your Office 365 email account username and the account password are valid.
- Check if your Microsoft security settings are
blocking access to the Office 365 Message Trace REST API.
To use the Office 365 Message Trace REST API, you need access to the Reporting Web Services legacy authentication protocol.
For more information about blocking and unblocking legacy authentications, see How to: Block legacy authentication to Azure AD with Conditional Access (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication#indirectly-blocking-legacy-authentication). If you need assistance with configuring Azure AD with Conditional Access, contact Microsoft Support.
For more information about creating Conditional Access policies for users and groups, see Conditional Access: Users and groups (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-users-groups).
For more information about creating Conditional Access policies for Cloud apps or actions, see Conditional Access: Cloud apps or actions (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps).
For more information about granting or blocking access to resources with a Conditional Access policy, see Conditional Access: Grant (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant).