search
TD Website

Microsoft 365 Integration

This guide walks you through enabling Microsoft 365 API access in ThreatDefence SIEM.

Requirements:

  • Access to Microsoft 365 services (Microsoft 365 Compliance Center, Azure Active Directory)

  • Any O365 licensing tier is supported.

hashtag
Step 1: Enable Auditing in Microsoft 365

To enable auditing, follow standard procedures to turn auditing on or offarrow-up-right.

hashtag
Step 2: Register an Application in Entra ID

  1. Download ThreatDefence's EntraID Integration Certificate: Download Certificatearrow-up-right

  2. Sign in to the Entra ID portalarrow-up-right.

  3. Navigate to Microsoft Entra ID.

  4. Select App registrations and click New registration.

  5. Fill in the required information and click Register.

  6. Make note of the Application (client) ID and Directory (tenant) ID for later use.

  7. Navigate to Certificates & secrets.

  8. Click Upload Certificate.

  9. Upload the certificate downloaded in step 1 and press Add.

hashtag
Step 3: Grant API Permissions

  1. After creating the application ID and secret, grant permissions to access the Office 365 Management APIs.

  2. Navigate to API permissions and select Office 365 Management APIs.

  3. Select Application permissions and enable the following:

  1. Click Grant admin consent and confirm.

hashtag
Step 4: Configure ThreatDefence SIEM

  1. Log in to the ThreatDefence SIEM Portal.

  2. Go to Deployments > Integrations.

  3. Click Add and select Microsoft 365.

hashtag
Step 5: Add Microsoft Graph Integration

For advanced security auditing, Defender event ingestion, and user isolation features, complete the Microsoft Graph API Integration.

PreviousPrerequisitesNextMS365 Graph API

Last updated