Configuring and Managing

Tenant Configuration

In this section:

• Overview
• Pre-requisites
• Automatic tenant configuration
• Registering an application in Entra ID
• Manual tenant configuration

Overview

The product console enables administrators to configure and manage Microsoft 365 tenants for centralized monitoring, reporting, and alerting. This includes both manual and automatic setup methods to connect tenant accounts securely and synchronize Microsoft 365 data for accurate reporting. This page explains the steps for configuring tenants in both manual and automatic modes.

Pre-requisites

Before configuring a Microsoft 365 tenant in the product console, ensure the following:

• A Microsoft 365 subscription to provide access to services such as Exchange Online, SharePoint, OneDrive, and Teams.
• Trial subscription s to Microsoft 365 can be used to get started if you do not have paid subscriptions.
• Entra ID Premium license: Users with an Entra ID Premium license can access additional details for logon events, including location, applied policies, and other relevant information. This also applies to risk detection events. An Entra ID Premium license is required to view these details.
• For manual tenant configuration, you must register an application in Entra ID and grant the required API permissions.
• Unified audit logging: To access data through the Microsoft 365 Management Activity API, unified audit logging must be enabled by turning on the Microsoft 365 audit log. For instructions, see Turn Microsoft 365 audit log search on or off.

Automatic tenant configuration

1. In the Domain and Accounts page, go to the Configure Cloud Accounts tab and click Add Cloud Account in the top-right corner.

   

2. From the Select Cloud Account drop-down, choose Microsoft 365.

   

3. Select Using Microsoft Login beside the Configure options

   

4. Click Advanced Configuration and select the environment from the Azure Environment drop-down.

   NOTE Choose the environment based on where your tenant is hosted.

   

5. Click Configure to save the account.
6. You will be redirected to the Microsoft 365 login portal. Sign in with a Global Administrator account and click Accept.

   

7. An application for the product will be created automatically. You will then see a page displaying the list of permissions required by the application.
8. Review the permissions and click Accept. You will be redirected back to the product console, indicating a successful tenant configuration.

Registering an application in Entra ID

NOTE Skip this section if you plan to use automatic tenant configuration.

Follow the steps below to register and configure the Log360 application in Microsoft Entra.

• Register the application
• Configure Redirect URI
• Add API permissions
• Grant admin consent
• Generate client secret
• Collect application details

Register the application

1. Sign in to the Microsoft Entra admin center using the credentials of a Global Administrator account.

   

2. In the left pane, click App registrations.

   

3. In the App registrations page, click New registration.

   

4. Provide a Name for the Log360 application to be created.
5. Select a supported account type based on your organizational needs.

   NOTE Choose Single Tenant if your application will only be accessed by users and guests within your own organization. This provides improved security by restricting access to internal accounts only, reducing exposure to external users.

   

6. Leave the Redirect URI field blank for now.
7. Click Register to complete the initial app registration.

   

8. Once created, you will be redirected to the Overview page of the application.

Configure Redirect Uniform Resource Identifier (URI)

1. In the app registrations page, click Authentication (Preview).

   

2. Click Add Redirect URI.

   

3. In the pop-up that appears, select Web.

   

4. Enter the following value in the Redirect URI field: https://identitymanager.manageengine.com/api/public/v1/oauth/redirect

   

5. Leave the Logout URL and Implicit grant options blank.
6. Click Configure.

Add API permissions

NOTE If you want to modify the permissions manually, skip this step and follow the instructions in this section.

1. From the left pane, select Manifest.

   

2. Locate the requiredResourceAccess array in the JSON code.

   

3. Copy the content from this file and paste the content into the highlighted section as shown in the image below.
   NOTE The file contains all the required permissions:

   1. Microsoft Graph permissions:
      • Directory.Read.All
      • AuditLog.Read.All
      • Domain.Read.All
      • IdentityRiskEvent.Read.All
      • Policy.Read.All
   2. Office 365 Exchange Online permissions:
      • Exchange.ManageAsApp
   3. Office 365 Management APIs permissions:
      • ActivityFeed.ReadDlp
      • ActivityFeed.Read

   

4. Copy the content from the opening square bracket [ to the closing square bracket ], and replace the existing content with it. Ensure all punctuation is retained.

   

5. Click Save to add the API permissions.

   

Grant admin consent

1. In the left pane, select API permissions.

   

2. Under Configured permissions, click Grant admin consent.

   

3. Confirm by clicking Yes in the pop-up.

   

Generate client secret

1. From the left pane, go to Certificates & secrets.

   

2. Under Client secrets, click New client secret.

   

3. In the pop-up, enter a description to identify the app.
4. Select an expiry duration from the Expires drop-down.
5. Click Add.

   

6. Copy the string under Value and store it securely.

   NOTE You will need the Application Secret to complete the tenant configuration in the product console.

   

Collect application details

1. Go to the Overview section of the registered application.

   

2. Copy and save the Application (client) ID.

   

3. These values will be required to configure the Microsoft 365 tenant in the product console.

Manual tenant configuration

1. In your product console, navigate to the Settings tab.
2. Under Log Configuration, select Domain and Accounts.

   

3. Go to the Configure Cloud Accounts tab on the Domain and Accounts page and click Add Cloud Account in the top-right corner.

   

4. From the Select Cloud Account drop-down, choose Microsoft 365.

   

5. Select Manually beside the Configure options.

   

6. Fill in the following fields:
   • Tenant Name
   • Display Name
   • Application ID
   • Application Secret

   NOTE Use the same Tenant Name as registered in the Entra portal, and enter the Application ID and Application Secret as obtained during registration. Display name can be a unique name representing the tenant, preferably the tenant name itself.

7. Click Advanced Configuration and select the environment from the Azure Environment drop-down.

   Note Choose the environment based on where your tenant is hosted.

   

8. Click Configure to save the account, then sign in with a Global Administrator account to complete the setup and grant the required permissions.

Managing M365 accounts

In this page:

• Overview
• Viewing configured cloud accounts
• Editing a cloud account
• Deleting a cloud account
• Syncing tenant objects
• Configuring the sync schedule
• Editing the sync schedule

Overview

This section elaborates on managing Microsoft 365 accounts in the product console. It guides administrators on how to view, edit, and delete accounts, synchronize tenant objects, and configure sync schedules.

Viewing configured cloud accounts

1. In your product console, navigate to the Settings tab.
2. Under Log Configuration, select Domain and Accounts.

   

3. Go to the Configure Cloud Accounts tab on the Domain and Accounts page.
4. The page displays all configured accounts with the following details:
   • Display name: The name given to the account.
   • Account type: Identifies whether the account is Microsoft 365, or another supported cloud service.
   • Number of sources: Displays the total number of data sources linked to the account.
   • Configured time: Records when the account was last set up or modified.
   • Object sync: Displays whether object synchronization is enabled or disabled for the account.
   • Status: Indicates whether the account is active, inactive, or if the configuration has failed.

   

5. Use the icon to find accounts by their display name.

   

6. Filter accounts by using the account type drop-down, where you can select all tenants or only Microsoft 365 accounts.

   

Editing a cloud account

You can edit the credentials of an already configured cloud account if there are changes in the tenant details or application information.

1. In the Configure Cloud Accounts page, click the icon next to the account you want to modify.

   

2. In the pop-up window, update the required details:
   • Tenant Name: The tenant domain name associated with the account.
   • Application ID: The client ID of the registered application in Microsoft Entra ID.
   • Application Secret: The client secret key generated in the Azure portal.

   

3. Once the details are entered, click Save to update the account configuration.

Deleting a cloud account

1. In the Account Management page, locate the account you want to delete.
2. Click the under the Actions column.

   

3. A confirmation dialog will appear. It states that deleting the account will also remove all associated:
   • Configured data sources
   • Import log configurations
   • Log forwarding policies
4. Click Yes to delete the account permanently.

   

Configuring the sync schedule

1. In the Configure Cloud Accounts tab, click Configure under the Object sync schedule column.

   

2. In the Schedule Tenant Object Sync window, enable the Schedule Sync toggle and select the objects you want to sync.

   

3. In the Schedule Frequency dropdown, select how often you want the sync to run: Daily, Weekly, or Monthly.

   

4. Click Save to add the selected objects.

Syncing tenant objects

To sync tenant objects immediately, follow these steps:

1. In the Configure Cloud Accounts tab, hover under the Object sync schedule column next to the account and click the icon.

   

2. In the Sync tenant objects window, select the objects you want to sync.

   

3. Click Sync Now to start synchronization immediately.
4. To check details, click the icon next to an object to view its status and the last sync time.

   

Editing sync schedule

1. In the Configure Cloud Accounts tab, hover under the Object sync schedule column next to the account and click the icon.

   

2. Select the objects that you want to sync.
3. In the Schedule Frequency dropdown, select how often you want the sync to run: Daily, Weekly, or Monthly.

   

4. To view past synchronization details, click the Show History in the top-right corner.

   

5. The Sync History page displays a table with:
   • Sync date and time
   • Sync status
   • Details

   

6. Click Details beside an entry to view specific objects and their corresponding statuses.

   

7. You can also use the icon to refine results by status: All, Running, Completed, Partially Synced, or Failed.

   

8. Click Close to return to the schedule page.
9. In the Schedule Tenant Object Synchronization window, click Save to apply the changes.

   

Managing cloud sources

In this page:

• Overview
• Viewing configured data sources
• Enabling or disabling data source
• Configuring category filters
• Deleting a data source

Overview

This section elaborates on managing cloud data sources. It explains how to view configured sources, monitor their status, enable or disable them, apply category filters to specify which logs are collected, and delete sources that are no longer required.

Viewing configured data sources

1. In your product console, navigate to the Settings tab.
2. Under Log Configuration, select Manage Cloud Sources.

   

3. The page lists all the data sources linked to the selected account. Each data source is displayed with the following details:
   • Data source type - The type of cloud service being monitored, such as Microsoft Entra ID, SharePoint Online, Microsoft 365 General.
   • Tenant - The account or tenant name associated with the data source.
   • Data fetch interval - The frequency at which logs are collected from the source.
   • Last scan time - The most recent time the system attempted to scan the source.
   • Last message time - The timestamp of the most recent log received from the source.
   • Status - The current state of the data source, such as Success, Disabled, Cloud account monitored.

   

4. Use the icon to locate a data source by its name.

   

5. The Select Account drop-down can be used to display data sources from all tenants or from a specific tenant.

   

Enabling or disabling data source

1. In the Manage Cloud Sources page, click the icon next to the required data source you want to disable.
2. To re-enable it, click the icon.

Configuring category filters

1. In the Manage Cloud Sources page, under the Action column, click the icon next to a data source.
2. In the Manage Audit Categories window, select the checkboxes for the audit categories you want to collect data from.

   NOTE Only data from the selected audit categories will be stored.

   

3. Click Configure to save the changes.

Deleting a data source

NOTE During data source collection, deletion of the source will be restricted. If you need to delete a source, first disable it and then perform the deletion later.

1. In the Manage Cloud Sources page, under the Action column, click the icon next to the data source you want to delete.

   

2. A confirmation dialog appears. Click Yes to delete the data source permanently.

   NOTE Once deleted, the data source will no longer collect logs.

   

Read also

This page detailed how to configure tenants and manage Microsoft 365 accounts and cloud sources in the product console. To learn more about related configurations, see the articles below:

• Adding data source