Kaspersky Next XDR Expert
1.2

Contents

Configuring receipt of Microsoft 365 events

You can configure the receipt of events from the Microsoft 365 (Office 365) cloud solution in KUMA.

Configuring event receiving consists of the following steps:

  1. Configuring access to Office 365 management APIs using standard Microsoft methods

    To receive events in KUMA, grant the necessary set of API permissions:

    Microsoft.Graph

    Directory.Read.All

    Office 365 management API

    ActivityFeed.Read

    ActivityFeed.Read.Dlp

  2. Creating a KUMA collector

    To receive Microsoft 365 events, create a collector with the following parameters:

    • At the Transport step, specify the office365 connector type.
    • At the Parsing events step, specify the [OOTB] Microsoft Office 365 json normalizer.
  3. Installing a collector in a KUMA network infrastructure
  4. Verifying receipt of Windows Microsoft 365 in the KUMA collector

    To verify that the Microsoft 365 event source server is configured correctly, you can search for related events.

Page top
[Topic 295058]