How do I collect from Microsoft Office 365?
The Nanitor Microsoft Office 365 benchmark supports the Microsoft Office 365 cloud through the Nanitor Collector.
Prerequisites
To collect information from Microsoft Office 365, the Nanitor Collector requires access through an application created in Microsoft Azure.
If any further information is required, refer to this page
- Sign in to the Azure portal: https://portal.azure.com
- Select Azure Active Directory -> App registrations -> New registration
1. Input a name of your choice. 2. Under “Supported account types”, select “Accounts in any organizational directory (Any Azure AD directory - Multitenant)
- Once the application has been registered, adjust the API permissions. Head to API Premissions -> Add a premission -> Microsoft Graph.
1. Choose Application permissions 2. Select SecurityEvents -> SecurityEvents.Read.All
Note: Admin consent is required, so acquire permission from your Microsoft Azure Admin. The admin can provide consent by heading to the API permissions page, and pressing “Grant admin consent for
-
Expose the SecurityEvents.Read.All API.
- Head to Expose an API tab, click “Add a scope”.
- The Application ID URI field should be automatically filled with the Application ID.
3. Add a scope named SecurityEvents.Read with both Admins and users able to consent. Set the consent display name and description.
This application is configured in order to allow the Nanitor Collector to connect to it, and read information from the Graph API.
Specifying the credentials
To create a credential, the Nanitor Collector requires information from the Microsoft Azure application.
First, it requires a Client ID (or Application ID), found in the Overview page of the application:
Then it requires a Tenant ID (Directory ID), found on the Overview page of the application:
Lastly, it requires a Client Secret, which can be created on the “Certificates & Secrets” page of the application:. The secret is created by pressing Client Secrets -> “New client secret”, and provide a description, as well as duration, for the secret, and selecting “Add”.
Important! After the Client Secret is saved in the Azure Application, it must be copied and stored in a secure location. You will not be able to access it after you leave the page.
To create the Nanitor Collector credential navigate to Organization Management → Collectors → Credentials
In the upcoming window select Azure as the Access method and fill in the other information from the steps retrieved earlier
Starting data collection
Now go ahead and start collection from Microsoft Office 365 by switching over to the Asset tab and select Add asset
In the upcoming window:
- select Cloud as the Asset type
- Select your prefered Collector
- Give the Azure environment an identifiable Name. The name will appear in the asset inventory later on
- Select Microsoft as the Cloud type
- Pick the Credential that you have created in the previous step
- Define a Label which is defining the priority of your Azure environment. You can do this also later on.
Wait a few seconds as it will complete authenticating and fully collecting the first results. Once completed, the results will be immediately available in the Nanitor UI. The collector will continue collecting results once every 24 hours.
You should see your Azure environment as an asset in the asset inventory as of type Cloud. After a couple of minutes you should notice the automatically detected benchmark from Nanitor.
If the results do not appear in the Nanitor UI, ensure that the benchmark is selected (Microsoft Office) and in scope for the organization (Administration → Organization Management → Benchmarks).