Enable Report Data Collection

Data in Microsoft 365

Complete the following steps to enable the report data collection:

1. Click Report Data Collection on the left pane.
2. On the Report data collection pagIe, click the Data in Microsoft 365 section, and then click Get started in the Data in Microsoft 365 pane on the right of the page.
3. In the Data in Microsoft 365 pane on the right of the page, turn on the toggle to enable the data collection.
   Note: After you enable the data collection, IBM Storage Protect for Cloud can start jobs to collect data. The first job can collect data for six days before you enable the data collection.
4. Set the scope for the tenants whose data will be displayed on reports. Select All tenants or Specific tenants. If you choose Specific tenants, select desired tenants from the drop-down list and click Apply.
5. Refer to the instructions below to select a storage type and configure the storage for storing Microsoft 365 activity data.
   • Default storage – Select this if you want to use the default Azure storage provided by IBM. To set a retention policy on the default storage, turn on the toggle, and configure the Retain data for _ Years/Months setting.
   If you want to use a custom storage, note the following before the configuration:

   • Before adding the storage account to the IBM Storage Protect for Cloud interface, ensure that IBM agents have access to your storage. For details, refer to Allow IBM Storage Protect for Cloud Agent Servers to Access Your Storage Account.
   • If the default storage is used previously, once the configuration is saved, old data in the default storage will be cleared up but won’t be moved to the new custom storage, and you cannot switch to the default storage anymore.
   • If you want to change to another custom storage, manually move the data from the old custom storage to the new one. IBM Storage Protect for Cloud does not have the permission to clear up data from the old custom storage.
   To use a custom storage, refer to the instructions below to complete the configuration:

   • Azure Storage – If you select this custom storage type, configure the settings below:
     • Account name – Enter the account name of Azure Blob Storage.
     • Access key – Enter the access key of the account above.
     • Container name – Enter the container name of the storage.
     • Send an email notification of failed connection to all service administrators – If you want to enable this notification, turn on the toggle.
6. Click Advanced settings and refer to the instructions below to complete the configuration:
   • Exclude accounts – Specify any user accounts you would like to exclude. This can be useful for filtering out service and test accounts to improve the quality and accuracy of reports. Enter one or more accounts in the format of someone@example.com, and separate each email address with a semicolon (;).
   • Policy for the activities of Microsoft 365 service accounts – If your tenant has configured a service account profile to scan Microsoft 365 objects, IBM recommends you select the Exclude activities of Microsoft 365 service accounts option to filter out activities of Microsoft 365 service accounts that are used to register objects into IBM Storage Protect for Cloud, since the action records caused by scan jobs may affect the collected data and the analysis results.
   • Filter out data on the pages that contain the URL components below – The default URL components is displayed in the textbox. If necessary, you can modify the URL components in the textbox. By default, only View activities on the pages will be filtered out. If you want to filter out all activities, select All activities.
   • Send an email notification when no data is collected – IBM Storage Protect for Cloud collects data every day. If you want to enable this notification, turn on the toggle and set a period by selecting a number from the drop-down list. Then, select email recipients from the following:
     • Service administrators in IBM Storage Protect for Cloud
     • Custom recipients (select an email profile)

       If you select this option, select an email recipient profile or click Create from the drop-down list to create one. For details about managing email recipient profiles, refer to Email Recipient Profile.

   • Exclude non site audit data in specific containers (only for the SharePoint Online data source) – When this option is enabled, only the site audit data in the specific containers for SharePoint sites or OneDrive will be collected. If you want to enable this option, turn on the toggle, click Choose containers to specify containers, and then click Save.
     Note: The site audit data will be collected based on the ObjectId property (the full URL path name of the file or folder accessed by a user), and the containers are configured in Auto discovery. For additional information on the other audit data (e.g. SearchQueryPerformed) in SharePoint Online and OneDrive, refer to the Microsoft article: Audit log activities.
   • Export Microsoft 365 tenant activity data to Azure SQL database – With this setting enabled, the data will be exported to your Azure SQL database every hour. If you want to enable this setting, turn on the toggle and provide the following information:
     • Server name – Enter the name of the SQL server where the SQL database is located.
     • Database name – Enter the name of the SQL database you prepared.
     • Username – Enter the username of an account that has the db_owner role to the database.
     • Password – Enter the password of the account above.
7. Click Save to save your edits, or click Cancel to go back to the Report data collection page without saving any changes.