Connect Office 365 to Microsoft Cloud App Security
This section provides instructions for connecting Cloud App Security to your existing Microsoft Office 365 account using the app connector API.
Cloud App Security supports the legacy Office 365 Dedicated Platform as well as the latest offerings of Office 365 services (commonly referred as the vNext release family of Office 365). Cloud App Security does not support the Legacy Microsoft Business Productivity Online Standard Suite.
In some cases, a vNext service release differs slightly at the administrative and management levels from the standard Office 365 offering.
Cloud App Security supports the following Office 365 apps:
- Office 365
- Teams (only appears after activities from Teams are detected in the portal)
- PowerBI (only appears after activities from PowerBI are detected in the portal, and requires you to turn on auditing)
- Exchange (only appears after activities from Exchange are detected in the portal, and requires you to turn on auditing)
How to connect Office 365 to Cloud App Security
- You must have at least one assigned Office 365 license to connect Office 365 to Cloud App Security.
- Exchange administrator audit logging, which is enabled by default in Office 365, logs an event in the Office 365 audit log when an administrator (or a user who has been assigned administrative privileges) makes a change in your Exchange Online organization. Changes made using the Exchange admin center or by running a cmdlet in Windows PowerShell are logged in the Exchange admin audit log. For more detailed information about admin audit logging in Exchange, see Administrator audit logging.
- Exchange Mailbox audit logging must be turned on for each user mailbox before user activity in Exchange Online is logged, see Exchange Mailbox activities.
- If Office apps are enabled, groups that are part of Office 365 are also imported to Cloud App Security from the specific Office apps, for example if SharePoint is enabled, Office 365 groups are imported as SharePoint groups as well.
- You must enable auditing in PowerBI to get the logs from there. Once auditing is enabled, Cloud App Security starts getting the logs (with a delay of 24-72 hours). If your Azure Active Directory is set to automatically sync with the users in your Active Directory on-premises environment the settings in the on-premises environment override the Azure AD settings and use of the Suspend user governance action is reverted.
In Connected apps page, click the plus button and select Office 365.
In the Office 365 pop-up, click Connect Office 365.
Click Test now to test the connection to Office 365. Testing may take a couple of minutes.
After Office 365 is displayed as successfully connected, click Close.
After connecting Office 365, you will see data from a week back including any third-party applications connected to Office 365 that are pulling APIs. For third-party apps that weren't pulling APIs prior to connection, you see events from the moment you connect Office 365, because Cloud App Security turns on any APIs that had been off by default.