Cloud Directory Services Audit Configuration

Azure Active Directory

Azure AD can be audited by ADAudit Plus via two methods:

1. Via Azure AD API (Reporting API).

2. Via Office365 Cmdlet (Search-UnifiedAuditLog).

1. Via Azure AD API

Licensing criteria:

  • Activity(Management) logs does not require Azure license.
  • Sign in logs require Azure AD premium license.

How to configure in ADAudit Plus:

  • Go to Configuration tab, select Cloud Directory, click Add Tenant.
  • Select Audit via Azure.
  • Enter your tenant name(, client ID, client secret.
  • Click on Add.

How to get client ID and client secret for configuring in ADAudit Plus:

  • Add a new application in Azure AD (For reporting API).
    • On your Azure AD platform, click on App Registrations -> New Application Registration.
    • Fill in a valid Name (Example: Reporting API Application).
    • In application type, select Web app / API.
    • Fill in a Sign-on URL (Preferred URL: http://localhost ).
    • Click on Create.
  • Grant appropriate permissions to the created app:
    • Click Azure Active Directory -> App Registrations -> Select your application(Example: Reporting API Application)
    • Select required permissions
      • Click Windows Azure Active Directory.
      • In Application permissions drop-down list,select Read directory data.
      • Click Save.
      • Click Grant Permissions -> Yes.

  • Get the client ID and client secret of the created app
    • Click Azure Active Directory -> App Registrations -> Select your application(Example: Reporting API Application).
    • Copy Application ID (Example: 504467c0-57ba-4b01-96c3-f40397adae69), this is your client ID.
    • Click Keys in API access tab.
      • Enter a suitable key description and duration (Example: Description = ADAudit Plus Key, Duration = Never expires).
      • Click on Save and the secret key will be generated by the portal.
      • Copy the value of your secret key (Example: 14uCILxkHtIVGR3wkCq12341Nd5VtestkkWTyIPrrE=) , this is your client secret.

2. Via Office365 Cmdlet

Licensing criteria:

  • Requires Office365 license.

How to configure in ADAudit Plus:

  • Go to configuration tab, select Cloud Directory,click Add Tenant.
  • Select Audit via Office365.
  • Enter your tenant name(, username(, password.
  • Click on Add.

System Requirements:

  • Requires Microsoft .NET version 4.
    • To check if Microsoft .NET Framework is installed, open Command Prompt from Run. Enter the following command reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version . Check the displayed version,if version 4 is not installed, install Microsoft .NET Framework 4 from here.
  • Requires PowerShell version 3.
    • To check if PowerShell is installed, type PowerShell from Run. If PowerShell is installed, check for its version number by running the command $PSVersionTable, if the version is below 3 or if PowerShell is not installed, install PowerShell V 3.0 from here
  • Requires Azure AD Module for Windows PowerShell
    • To get correlated on-premises details for your cloud events, AzureAD module is required and also you need to configure your onPremises domain in ADAudit Plus.
    • To check if this module is installed, open PowerShell and enter get-module -Name AzureAD. This will list the module if it is installed, if it is not installed, install from powershell by running the cmdlet Install-Module AzureAD, Reference.
    • This module (AzureAD) is available only for 64 bit version of Windows.

User privileges required

  • Required Role: Reference
    • Global Administrator.
  • Required permission :SetPermissions
    • Compliance Management (Audit Logs).
    • Organization Management (View-Only Audit Logs).
Copyright © 2022, ZOHO Corp. All Rights Reserved.
Get download link