Prepare the Microsoft/Office 365 integration

You can integrate Microsoft 365 or Office 365 with ARM, which uses the Microsoft Graph API to access Azure AD and OneDrive.

The following permissions are required:

• Application.ReadWrite.OwnedBy
• Directory.ReadWrite.All
• Files.ReadWrite.All
• Group.ReadWrite.All
• Member.Read.Hidden
• Sites.FullControl.All
• User.Invite.All
• User.Read
• User.ReadWrite.All

ARM uses the Office 365 Management API to access OneDrive and SharePoint Online events.

To retrieve events, enable Office 365 auditing. See Turn auditing on or off located on the Microsoft Learn website for instructions.

The following permissions are required:

• ActivityFeed.Read
• ServiceHealth.Read
• Sites.FullControl.All
• Sites.Manage.All
• Sites.Read.All
• Sites.ReadWrite.All

Assign the required permissions

1. Navigate to the Azure Portal website and log in with administrator credentials.

2. Click Azure Active Directory.

   

   (Screenshot property of © 2020 Microsoft Corporation)

3. Click Azure Active Directory.

   

   (Screenshot property of © 2020 Microsoft Corporation)

4. Click New Registration.

   

   (Screenshot property of © 2020 Microsoft Corporation)

5. Assign a name to the application, and then click Register.

   For example, SolarWinds ARM.

   

   (Screenshot property of © 2020 Microsoft Corporation)

6. Click Overview.

   

   (Screenshot property of © 2020 Microsoft Corporation)

7. In the Application (client) ID field, record the application to a safe place. You will need this ID number in a future step as the user name to access Azure/Microsoft 365 resources.

8. Click Certificates and Secrets.

9. Create a certificate.

10. Click Upload certificate. Note the certificate thumbrpint.

11. Deploy the certificate to the LocalMachine (server and collector).

    

12. Click API permissions.

    

    (Screenshot property of © 2020 Microsoft Corporation)

13. Click Add a permission.

    

    (Screenshot property of © 2020 Microsoft Corporation)

14. Click Microsoft Graph.

    

    (Screenshot property of © 2020 Microsoft Corporation)

15. Click Application permissions.

    

    (Screenshot property of © 2020 Microsoft Corporation)

16. Under Request API permissions, enable the following permissions:

    • Application.ReadWrite.OwnedBy

    • Directory.ReadWrite.All

    • Files.ReadWrite.All

    • Group.ReadWrite.All

    • Member.Read.Hidden

    • Sites.FullControl.All

    • User.Invite.All

    • User.Read

    • User.ReadWrite.All

    

    (Screenshot property of © 2020 Microsoft Corporation)

17. Click Add permissions.

18. Click Add a permission.

    

    (Screenshot property of © 2020 Microsoft Corporation)

19. Click Office 365 Management APIs.

20. Under Request API permissions, click Application permissions.

    

    (Screenshot property of © 2020 Microsoft Corporation)

21. Enable the following permissions:

    • ActivityFeed.Read
    • ServiceHealth.Read
    • Sites.FullControl.All
    • Sites.Manage.All
    • Sites.Read.All
    • Sites.ReadWrite.All

22. Save your settings.

23. Under Grant admin consent confirmation, click Grant admin consent for, and then click Yes.

    

    (Screenshot property of © 2020 Microsoft Corporation)

    If the approval was approved, you can use the Application ID and client secret to configure Azure resources in ARM.

    

    (Screenshot property of © 2020 Microsoft Corporation)