SharePoint Manager Plus – Authentication steps to access Office 365 audit data
Microsoft Azure Active Directory (Azure AD) is used to give SharePoint Manager Plus secure access to Office 365 audit data. To do this, SharePoint Manager Plus must be registered in Azure AD, where its permission level for accessing Office 365 is specified. To register SharePoint Manager Plus in Azure AD, a user must have an Office 365 business account with global administrator privileges.
Registering SharePoint Manager Plus in Azure AD
- Go to Office 365 Home and choose Admin from the app launcher icon; this takes you to the Office 365 Admin center page.
- From the left panel, under Admin, select Azure AD; this takes you to the Azure Management Portal page.
- In the Azure Management Portal, choose ACTIVE DIRECTORY. Click the DIRECTORY tab and select the directory name; this leads to the selected directory page.
- On the directory page, select the APPLICATIONS tab and click ADD at the bottom of the page.
- Choose Add an application my organization is developing, give a NAME and specify the Type as WEB APPLICATION AND/OR WEB API.
- Enter the SIGN-ON URL that is used to sign in to SharePoint Manager Plus. It should use the following syntax:
http://<ip address of machine where SharePoint Manager Plus is installed>:<port number>
So, typically, it would look like http://192.168.208.54:8085.
- Enter the APP ID URI that is used as the unique logical identifier for SharePoint Manager Plus. The APP ID URI should use the following syntax:
http://<app name>.<tenant name>.onmicrosoft.com
So, if your Microsoft tenant is tenantname.onmicrosoft.com and your app name is spmp, your APP ID URI would typically look like https://spmp.tenantname.onmicrosoft.com
- Click the check mark to proceed with the registration. SharePoint Manager Plus is now registered with Azure AD, and has been given a client ID.
Configure SharePoint Manager Plus properties in Azure AD
- Select the CONFIGURE tab of the registered application, where its properties are specified.
- Save the CLIENT ID generated by Azure for later use; it is needed to request consent from the tenant administrator and app-only tokens from Azure AD.
- Set APPLICATION IS MULTI-TENANT to YES.
- Set USER ASSIGNMENT REQUIRED TO ACCESS APP to NO.
- Under Keys, select a duration for your key and click SAVE at the bottom of the page. Azure generates the client secret, which must be saved for later use.
Azure displays the client secret only when it is initially generated. It cannot be retrieved later, so it is important to save the client secret carefully.
- Under single sign-on, enter a REPLY URL that is the same as the SIGN-ON URL.
- Under permissions to other applications, click Add application, select Office 365 Management APIs, and click the check mark placed in the lower right.
- Office 365 Management APIs will now appear under permissions to other applications. Under both Application Permissions and Delegated Permissions, provide all permissions for SharePoint Manager Plus.
- Click Save.
Configure Office 365 account in SharePoint Manager Plus
- In SharePoint Manager Plus, go to Admin > Office 365 Audit Settings.
- Enter the Azure AD application client ID and client secret.
- Click Enable here against the Office 365 account that needs to be configured. You'll be redirected to the Microsoft Online login page.
If the client ID is incorrect or the reply URL is wrongly configured, a bad request error message will be displayed.
- Log in using the Office 365 account credentials.
- Click Accept to grant all permissions for SharePoint Manager Plus to access Office 365 audit data. Immediately after configuration, SharePoint Manager Plus initially displays the previous seven days' audit data.
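A pre-flight check for the values entered in the steps above, as an added example that is not part of the original page or of SharePoint Manager Plus: it applies the SIGN-ON URL and APP ID URI syntax given above and the rule that the REPLY URL equals the SIGN-ON URL, and it flags a plain-http SIGN-ON URL. The function name check_registration, the strict string comparison and the sample client ID are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_registration(client_id, sign_on_url, reply_url, app_id_uri, tenant):
    """Return (level, message) findings for the values entered in Azure AD."""
    findings = []
    # Azure AD client IDs are GUIDs; anything else cannot be a valid CLIENT ID.
    if not GUID_RE.match(client_id.strip()):
        findings.append(("error", "CLIENT ID is not a GUID"))
    # SIGN-ON URL syntax from the page: <scheme>://<ip address>:<port number>
    try:
        url = urlsplit(sign_on_url)
        ipaddress.ip_address(url.hostname or "")
        has_port = url.port is not None  # .port raises ValueError if malformed
    except ValueError:
        has_port = False
    if not has_port:
        findings.append(("error", "SIGN-ON URL is not <ip address>:<port number>"))
    # REPLY URL must be the same as the SIGN-ON URL (strict string comparison,
    # a conservative assumption of this example).
    if reply_url != sign_on_url:
        findings.append(("error", "REPLY URL differs from SIGN-ON URL"))
    # Over plain http the sign-in response returns to the product unencrypted.
    if not sign_on_url.lower().startswith("https://"):
        findings.append(("warn", "SIGN-ON URL is http, not https"))
    # APP ID URI syntax from the page: <app name>.<tenant name>.onmicrosoft.com
    host = (urlsplit(app_id_uri).hostname or "").lower()
    suffix = "." + tenant.lower()
    app_name = host[: -len(suffix)] if host.endswith(suffix) else ""
    if not app_name or "." in app_name or not suffix.endswith(".onmicrosoft.com"):
        findings.append(("error", "APP ID URI is not <app name>.<tenant>"))
    return findings


if __name__ == "__main__":
    # Constructed sample values; the client ID is a placeholder, not a real one.
    sample = dict(
        client_id="11111111-2222-3333-4444-555555555555",
        sign_on_url="http://192.168.208.54:8085",
        reply_url="http://192.168.208.54:8085/",
        app_id_uri="https://spmp.tenantname.onmicrosoft.com",
        tenant="tenantname.onmicrosoft.com",
    )
    for level, message in check_registration(**sample):
        print(f"{level}: {message}")
```

Run with the sample values, it reports the REPLY URL mismatch caused by the trailing slash and the http warning.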