Prepare the Microsoft/Office 365 integration
You can integrate Microsoft 365 or Office 365 with ARM, which uses the Microsoft Graph API to access Azure AD and OneDrive.
The following permissions are required:
- Application.ReadWrite.OwnedBy
- Directory.ReadWrite.All
- Files.ReadWrite.All
- Group.ReadWrite.All
- Member.Read.Hidden
- User.ReadWrite.All
- Sites.FullControl.All
- User.Invite.All
ARM uses the Office 365 Management API to access OneDrive and SharePoint Online events.
To retrieve events, enable Office 365 auditing. See Turn auditing on or off located on the Microsoft Learn website for instructions.
The following permissions are required:
- ActivityFeed.Read
- ServiceHealth.Read
Assign the required permissions
-
Navigate to the Azure Portal website and log in with administrator credentials.
-
Click Azure Active Directory.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click Azure Active Directory.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click New Registration.
(Screenshot property of © 2020 Microsoft Corporation)
-
Assign a name to the application, and then click Register.
For example, SolarWinds ARM.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click Overview.
(Screenshot property of © 2020 Microsoft Corporation)
-
In the Application (client) ID field, record the application to a safe place. You will need this ID number in a future step as the user name to access Azure/Microsoft 365 resources.
-
Click Certificates and Secrets.
-
Click New client secret.
(Screenshot property of © 2020 Microsoft Corporation)
-
In the Description field, enter a description of the client secret.
(Screenshot property of © 2020 Microsoft Corporation)
-
In the Expires field, enter an expiration date for the secret.
-
Click Add.
-
In the Value field, copy the value to a safe place. You will need this value as the password to access Azure/Microsoft 365 resources.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click API permissions.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click Add a permission.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click Microsoft Graph.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click Application permissions.
(Screenshot property of © 2020 Microsoft Corporation)
-
Under Request API permissions, enable the following permissions:
-
Application.ReadWrite.OwnedBy
-
Directory.ReadWrite.All
-
Files.ReadWrite.All
-
Group.ReadWrite.All
-
Member.Read.Hidden
-
User.ReadWrite.All
-
Sites.FullControl.All
-
User.Invite.All
(Screenshot property of © 2020 Microsoft Corporation)
-
-
Click Add permissions.
-
Click Add a permission.
(Screenshot property of © 2020 Microsoft Corporation)
-
Click Office 365 Management APIs.
-
Under Request API permissions, click Application permissions.
(Screenshot property of © 2020 Microsoft Corporation)
-
Enable the following permissions:
-
ServiceHealth.Read
-
ActivityFeed.Read
-
-
Save your settings.
-
Under Grant admin consent confirmation, click Grant admin consent for, and then click Yes.
(Screenshot property of © 2020 Microsoft Corporation)
If the approval was approved, you can use the Application ID and client secret to configure Azure resources in ARM.
(Screenshot property of © 2020 Microsoft Corporation)