Microsoft 365 Microsoft Office 365 integration currently supports user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs exposed by the Office 365 Management Activity API. Procedures   To perform the setup, please confirm that you have the following access:   A Microsoft Office 365 account with Administrative Privileges A Microsoft Azure account with Administrative Privileges   Register a new Office 365 web application To get started collecting Office 365 logs, register an Office 365 web application:   Log into the Office 365 portal as an Active Directory tenant administrator. Click  Show all  to expand the left navigation area, and then click  Azure Active Directory . Select  App Registrations , and then click  + New application registration .   Provide the following information in the fields:   Name – for example, o365 cytech . Select  Single tenant  for supported account types. Leave the Redirect URI blank. The  Audit Log Search needs to be enabled. Click  Register  and note the Application (client) ID.   Setup Active Directory security permissions The Active Directory security permissions allow the application you created to read threat intelligence data and activity reports for your organization.   To set up Active Directory permissions:   On the main panel under the new application, click  API Permissions , and then click  + Add a permission . Locate and click on  Office 365 Management APIs . In  Application permissions , expand and select  ActivityFeed.Read ,  ActivityFeed.ReadDlp ,  ActivityReports.Read , and  ServiceHealth.Read Ensure all necessary permissions are selected, and then click  Add permissions . Click  Grant admin consent , and then click  Accept  to confirm. On the left navigation area, select  Certificates & secrets , and then click  + New client secret . Make Sure to Copy the  Value ( Client Secret (Api Key ) will disappear   Type a key  Description  and set the duration to  Never or Maximum Grant time . Click  Add . Click  Overview  to return to the application summary, and then click the link under  Managed application in local directory . Click  Properties , and then note the Object ID associated with the application.   Steps to Renew the Client Secret (API Key): Log into the Azure Portal : Go to the Azure Portal and log in using an account with administrative privileges. Navigate to Azure Active Directory : In the left navigation pane, select Azure Active Directory . If it's not visible, click Show all to expand the list and find it. Go to App Registrations : Under Azure Active Directory , select App Registrations . Find your registered application (e.g., "o365cytech") in the list, or use the search bar to locate it. Open Certificates & Secrets : Click on the registered app to open its details page. In the left-hand menu, select Certificates & Secrets . Generate a New Client Secret : Under Client Secrets , you'll see a list of previously created secrets, along with their expiration dates. Click + New client secret to create a new one. Configure the New Secret : Enter a description for the new key (e.g., "Renewed Key for o365cytech"). Set the duration for the new client secret: Save and Copy the New Secret : Click Add . Once the new secret is generated, copy the value immediately . This is your new client secret (API key). The secret value will be hidden after you leave this page, so make sure to store it securely. Update Any Services Using the Key : If any services or scripts are using the previous client secret, you'll need to update them with the new one. Remove the Old Secret (Optional) : If the old client secret is no longer needed, you can delete it to avoid confusion. Simply click the trash icon next to the old key under Client Secrets .