Configuring using a Microsoft 365 license
To audit your Azure AD (renamed as Entra ID) environment using a Microsoft 365 license, ADAudit Plus uses the Microsoft 365 Management API for all installations after ADAudit Plus build 7050.
Privileges required while using Microsoft 365 Management API
- Microsoft Graph API > Directory.Read.All
- Office 365 Management API > ActivityFeed.Read
Register an application
Register an application in the Azure portal, using these steps:
- Go to the Azure portal, and sign in using your Microsoft account.
- Select the Azure Active Directory service from the Azure services top pane.
- Go to Manage > App registrations > + New registration to open the Register an application window.
- Enter the application name, for example, ADAudit Plus Application.
- Ensure that Accounts in this organizational directory only (zohoadapazure only - Single tenant) is selected under Supported account types.
- Click Register.
Grant minimum privileges required for Microsoft 365 Management API
Grant the necessary privileges using Microsoft 365 Management API, using these steps:
- Go to the Azure portal, and sign in using your Microsoft account.
- Select the Azure Active Directory service from the Azure services section.
- Go to Manage > App registrations. Select your application under Owned applications.
- Go to Manage > API permissions and select + Add a permission to open the Request API permissions window.
- Select Office 365 Management APIs.
- Choose Application permissions.
- In the Request API permissions window, select Application permissions, then check the ActivityFeed.Read box under ActivityFeed. Select Add permissions.
- Once again, go to Manage > API permissions > + Add a permission.
- Select Microsoft Graph in the Request API permissions window.
- Select Application permissions.
- Check the Directory.Read.All box under Directory. Select Add permissions.
- Select Grant admin consent for <tenant name>.
- Click Yes.
Obtain client ID and client secret
- Go to the Azure portal, and sign in using your Microsoft account.
- Select the Azure Active Directory service from the Azure services section.
- Go to Manage > Certificates & secrets.
- Click + New client secret.
- Type in the description and the expiration date.
- Click Add.
- Copy the client secret value (e.g., 14uCILxkHtIVGR3wkCq12341Nd5VtestkkWTyIPrrE=).
- Go to Manage > App registrations. Select your application under Owned applications.
- Navigate to Application (client ID) and click Copy to clipboard.
Setting up Azure AD in ADAudit Plus
- Open the ADAudit Plus web console.
- Go to Configuration > Configured Server(s) > Cloud Directory.
- Select + Add Tenant.
- Select Audit via Office 365.
- In the Cloud Directory window, enter the Tenant Name, Client ID, and Client Secret.
Note: To obtain the tenant name:
- Go to the Azure portal, and sign in using your Microsoft account.
- Search for and select Microsoft Entra ID.
- Go to Manage > Custom domain names.
- Click Add filter, under Filter, select Primary from the dropdown, and under Value, select Yes from the dropdown.
- Copy the name of the primary domain that is displayed and paste it in the Tenant Name field.
- Click Add.
Privileges required for Office 365 cmdlet configuration
ADAudit Plus uses the below-listed APIs to audit Azure AD.
- Office 365 Management API for all installations after ADAudit Plus build 7050.
- PowerShell cmdlets (unified audit log) for tenants who configured Azure AD via Office 365 before ADAudit Plus build 7050.
Note: ADAudit Plus strongly recommends using Office 365 Management API to obtain Azure AD events. For tenants still using PowerShell cmdlets, you can update your configuration by migrating O365 cmdlet configuration to Office 365 Management API configuration. You can find the steps to do it here.
Check and migrate O365 cmdlet configuration to M365 API configuration
- Open the ADAudit Plus web console.
- Go to Configuration > Configured Server(s) > Cloud Directory.
- Under the Actions column in the report, select the Migrate icon.
Note: This is only necessary for tenants who configured Azure AD via O365 before build 7050. This feature will be available once the users upgrade to build 7050 or above.
- In the Migrate to M365 API window that opens, enter the Client ID and Client Secret generated previously.
- Click Migrate.
If you still want to use O365 cmdlet configuration and you are using an ADAudit Plus build lower than 7050, you can find the privileges required below:
Required role |
Permission |
Global administrator |
Compliance Management (Audit Logs) |
Organization Management (View-Only Audit Logs) |
Listed below are the system specifications required:
i. Microsoft .NET Framework 4.0
To check whether .NET Framework 4.0 is installed:
ii. PowerShell version 3
To check whether PowerShell is installed:
- Go to Start > Run.
- Type in PowerShell.
- If PowerShell is installed, check for its version number by typing in the following query in the command prompt: $PSVersionTable.
- If PowerShell is not installed or if the existing PowerShell version is below 3, you can install or upgrade to version 3 from here.
iii. Azure AD module for Windows PowerShell
To check whether the Azure AD module is installed:
- Go to Start > Run
- Type in PowerShell.
- Type in the query get-module -Name AzureAD. This will list the module if it's already installed. In case it's not, install the module by running the PowerShell cmdlet Install-Module Azure AD.
Notes:
- Gain a correlated view of your hybrid AD environments by configuring both Azure AD and on-premises AD domain details in ADAudit Plus.
- This Azure AD module is available only in the 64-bit version of Windows.
Don't see what you're looking for?
-
Visit our community
Post your questions in the forum.
-
Request additional resources
Send us your requirements.
-
Need implementation assistance?
Try onboarding