In this second part we will focus on the LogRhythm configuration and use the informations obtained in the first part of the series, Preparing Azure AD (Office 365) for SIEM Integration. This will complete the integration and allow us to obtain audit logs directly from Azure and Office 365 into our SIEM solution.
Office 365 (O365) allows customers to host their Office solution in the Microsoft cloud. With the proper credentials and configuration, it’s possible for the LogRhythm System Monitor to collect O365 management events from the following applications through the Office 365 Management Activity API:
- Azure Active Directory (Azure AD)
Lately I have been asked how we see mail protection when migrating from an on-premises exchange solution to Office 365 (Exchange Online).
Before we begin, we should observe what is what when discussing these new services.