Splunk has add-ons that can connect to the Office Management Activity API, as well as pull data from the message trace logs. Select the Azure Active Directory menu blade. Select New Application Registration. Copy and save the Application ID, as it will be used during the Splunk add-in configuration. Select the Settings gear icon on the App registration page. Select Reply URLs. On the Settings blade, select Keys.

Enter a Description, select an expiration from the drop-down, and then click Save to generate a key value. Copy the value and save it for later. Once you close the Keys blade, the value will no longer be displayed.

Close the Keys blade. A certificate is necessary to enable inter-service calls. Having a certificate in place means you do not have to manage authorization token expiration or events, though you may at some point have to manage a certificate rollover. Now, for the good stuff. View all posts by Aaron Guilmette.

Splunk has updated their plug-ins, so now I need to go back and re-create it. I was thinking there was an option The OAuth 2. But, in the new app there is no such option available. The input definition already knows the endpoint. The input will poll the management activity API. Nice, detailed article. Will this lead to Azure cost, due to the app registration and network traffic?

I love automating things. I have read somewhere that a good developer always tries to automate things, but in my case, I am just lazy, so I try to automate!

I was working towards a single resource which I can use to answer questions related to the Power BI Tenant.

Splunk Add-on for Microsoft Cloud Services

I would recommend reading those posts as they cover how I created the Azure Authorization Token in a bit more detail. Among all, the Office API was a bit of a forgiving one. To get data from the API, you first need to enable a subscription. The first thing is to get an authorization token. Getting started with Office management API explains how authentication works. Then start a subscription. But below is the query I used to start the subscription. When I run this script, it returns an error, but the subscription was enabled anyway.

About: Office 365 Management Activity API

Well, I still have many unanswered questions, but this does help me in many ways. Using this template I can see the user behaviour, not only how many views etc. For example, in a certain workspace, if most of the users are exporting the report, then users are not happy with the way I presented the data. I can see when a Power BI App is created or updated.

I can see how many users are printing the report. If many people are printing reports, probably I should not use many bookmarks, drill through functionality and add more Titles. There are many things I learned doing this process, PowerQuery Web.

Next, data is always only for 24 hours; this is a limitation from the API, and I can go back to 7 days only.

I've downloaded your template and was not able to use it because I do not have a publisherIdentifier. Could you pls explain what that information is? I have the rest of the authentication except for that. Send an interactive authorization request for this user and resource.

Hi Prathy, thanks for this. Have you experienced this? I noticed when trying to determine how to visualize user counts by report taking into consideration that two workspaces may have reports with the same names.

I have not experienced that, having said that I have not worked with API lately, things may have changed. Are you working with New AppWorkspaces?

Thank you for this very useful post. Which kind of permission do we need to access the Power BI logs using the API? When I use the admin account, my report works fine, but when I try a simple user I get an Internal Error.

Hi Prathy, thanks for the great help.

Office 365 Management Activity API reference

I have followed as you instructed. I get the message Web. Any idea about this error? Please share. It could be anything!

When you create an application that needs access to secured services like the Office Management APIs, you need to provide a way to let the service know if your application has rights to access it.

Register your application in Azure AD. This allows you to establish an identity for your application and specify the permission levels it needs to access the APIs.

Get Office tenant admin consent. An Office tenant admin must explicitly grant consent to allow your application to access their tenant data by means of the Office Management APIs. The consent process is a browser-based experience that requires the tenant admin to sign in to the Azure AD consent UI and review the access permissions that your application is requesting, and then either grant or deny the request. After consent is granted, the UI redirects the user back to your application with an authorization code in the URL. Your application makes a service-to-service call to Azure AD to exchange this authorization code for an access token, which contains information about both the tenant admin and your application. The tenant ID must be extracted from the access token and stored for future use.

Request access tokens from Azure AD. Using your application's credentials as configured in Azure AD, your application requests additional access tokens for a consented tenant on an ongoing basis, without the need for further tenant admin interaction. These access tokens are called app-only tokens because they do not include information about the tenant admin. The app-only access tokens are passed to the Office Management APIs to authenticate and authorize your application.

You do this by turning on the Office audit log. For instructions, see Turn Office audit log search on or off. To register your app in Azure AD, you need a subscription to Office and a subscription to Azure that has been associated with your Office subscription. You can use trial subscriptions to both Office and Azure to get started. For more details, see Welcome to the Office Developer Program.

After you have a Microsoft tenant with the proper subscriptions, you can register your application in Azure AD. Sign into the Azure management portal, using the credential of your Microsoft tenant that has the subscription to Office you wish to use. You can also access the Azure Management Portal via a link that appears in the left navigation pane in the Office admin portal. In the left navigation panel, choose Active Directory (1).

Make sure the Directory tab (2) is selected, and then select the directory name (3). On the directory page, select Applications. Azure AD displays a list of the applications currently installed in your tenancy.

The URL where users can sign in and use your app. You can change this later as needed.

Publisher's note: I am posting this on behalf of my colleague Jon Nordstrom, who is part of the Office customer experience team. A few other engineers and I thought you would all benefit from his knowledge of the Office management activity API.

A common question we get from organizations that move to Office is: how do I get visibility into transactions that affect the information stored in Office? The Security and Compliance Center and the Office Management Activity API provide organizations with this visibility through detailed information with regard to user, admin, system, and policy actions and events from Office and Azure Active Directory (Azure AD).

Reviewing the wealth of information available via the API and the audit logs can be challenging, though. Triaging detection results manually and categorizing related activities into groups can be difficult.

The amounts of data generated from likely malicious activity can overwhelm investigators with irrelevant results. We know from experience the importance of accurate tooling: Microsoft Online Services processes petabytes of event monitoring data. When Microsoft Online Services engineering started on the journey to view detection results as graphs we found that it enabled us to: In this first post of our two-part series we will help you understand how you can get the data necessary to perform a security analysis of it.

The second post will focus on example scenarios and using Power BI to visualize the data. The data stores can be removed or purged, and the solution can be disabled or removed. The sample graphs generated in this post were created with the free version of the ZoomCharts add-in for Power BI Desktop. Depending on your need, there are several other graph add-ins available, such as Network Navigator Chart and Force-Directed Graph.

If you already have a method for obtaining data from the Activity API, such as Azure Log Analytics, then continue to use that and access the information from Power BI, which we briefly discuss in this post and go into more detail on in the next post. Use this as a guide to create and register an application for making calls to the Office Activity API. There is more detailed information about app registrations here.

The first step is to push the information you need to a store. You can limit the number of days and the workloads as needed. The code is created to run in two Azure Functions (PowerShell is currently in preview). Remember to register a new Application in Azure Active Directory with adequate permissions before you take these steps.

By default, runtime is limited to 5 minutes for the functions running under the consumption plans, however, you can increase the runtime up to 10 minutes. An alternative is to use the App Consumption plan if you expect longer execution times. The consumption plans typically cover the need for retrieving the event data. Name the new function, and select the schedule for the trigger, which determines how often the function will pull data.

A workload. Next, paste the code for function 1. Adjust the variables for sign in based on the AAD application registered. It is listed as part of the endpoints. We will come back to adjust the storage variables shortly as part of the integration of the storage queues.

Optionally modify the included workloads or message size. Note that reducing message size will increase the number of times Azure Function 2 is run. Next, select integrate and add an Azure Queue Storage output.

These steps are required to use cloud queue functionality. A regular storage queue call does not allow for multiple objects. In that case create a queue manually in the associated storage account. Follow these steps to create the second function, which is a Queue trigger.

I don't know what I am doing wrong, but all the calls return the Unauthorized code. I tried to find some code samples or a more detailed walkthrough of the use of the Management Activity API, but with no success.

Does anyone know where to find some code I can refer to? I already tried on OfficeDev PnP, but found nothing.

Asked 4 years, 1 month ago.

Thank you in advance!

Marc Jordana

Tom Kaupe

Thank you very much Tom! The sample works fine and now I see I was doing wrong the authentication flow.

I guess I will be able to translate the PowerShell script into a Web App now.


Before you can access data through the Office Management Activity API, you must enable unified audit logging for your Office organization.

You do this by turning on the Office audit log. For instructions, see Turn Office audit log search on or off.


The URL where users can sign in and use your app. You can change this later as needed. The URI used as a unique logical identifier for your app. For example, if your Microsoft tenant is contoso.

However, there are several important aspects of your app left to configure. Now that your application is registered, there are several important properties you must specify that determine how your application functions within Azure AD and how tenant admins will grant consent to allow your application to access their data by using the Office Management APIs. This value is automatically generated by Azure AD.

Prerequisites: Before you enable inputs, complete the previous steps in the configuration process:

Configure your inputs on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.

You can configure inputs using Splunk Web (recommended) or using the configuration files. Configure your inputs using Splunk Web on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. Enter the Name, Account, Data and Index using information in the input parameter table below. Verify that data is successfully arriving by running the following search on your search head:

If you do not see any events, check the Troubleshooting tab on your data collection node to verify that your accounts, forwarders, and inputs are all configured successfully. See Troubleshoot the Splunk Add-on for Microsoft Cloud Services for information about enabling this dashboard on your heavy forwarder.

Configure your inputs using the configuration files on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. (Optional) If you want to change the data sources or polling intervals, edit the data parameter. These default values represent all the data sources currently available for collection with this add-on.

Note: CurrentStatus also includes HistoricalStatus. CurrentStatus uses the interval defined here, but HistoricalStatus uses 24 hours because Microsoft generates historical status once per day.


Note: If you want to collect audit logs for mailbox access from Exchange Online, you need to turn on mailbox audit logging in Office, which is not enabled by default.

See Exchange audit logging. If you configure the Office input for the first time, the activity logs such as Audit.Exchange, Audit.SharePoint and Audit.AzureActiveDirectory will subscribe to the data from the Microsoft side.

