Knowledge base
Knowledge base: English > General Information
Office 365 integration prerequisites
Posted by Michael Skoupý, Last modified by Michael Skoupý on 17 March 2020 02:42 PM

In this article, you will learn which prerequisites need to be configured on your Safetica Management Server and Azure tenant for the Safetica Office 365 integration to work correctly.

The steps described below need to be performed by all users who havent yet configured the Safetica Office 365 integration or who are setting up a new tenant. Also, if you are experiencing issues with Safetica Office 365 integration, please check these settings before contacting Safetica Support.

Three areas need to be checked and configured:

1. Allow PowerShell Basic Authentication

Safetica uses PowerShell commands to communicate with Microsoft Graph API. Graph API, however, only supports PowerShell Basic Authentication method: https://office365.uservoice.com/forums/264636-general/suggestions/20570782

From security perspective, we are not happy about this, and we intend to change the authentication method as soon as Microsoft enables us to do so. In the meantime, you can use the following commands to turn on Basic Authentication on your Safetica Management Server machine:

Command Prompt

winrm set winrm/config/client/auth @{Basic=”true”}

PowerShell

winrm set winrm/config/client/auth ‘@{Basic=”true”}’

2. Turn on Azure audit logging

Before you can start setting up your Safetica Office 365 integration, you must turn on audit logging in your Azure tenant. In the past, it used to be enabled by default, so existing Safetica users with configured Office 365 integration have this setting enabled already. New users or users with new Azure tenants, however, must turn this configuration on manually. To turn on Azure audit logging, use the Security & Compliance Center and perform the following steps:

  1. Visit https://protection.office.com.
  2. In the Security & Compliance Center, go to Search > Audit log search.

You will see a banner informing you that auditing must be turned on to record user and administrator activity.

  1. Click Turn on auditing.

If you do not see the banner with the Turn on auditing button, it means you have audit logging enabled and do not need to take any further actions.

Audit logging can also be turned on via a PowerShell command:

  1. Connect to Exchange Online PowerShell.
  2. Run the following PowerShell command:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

 

Please note that applying these changes in Azure tenant might take some time. We recommend waiting a few hours before contacting Safetica Support with issues.

 3. Disable Microsoft security defaults

From October 22th, 2019, Microsoft sets for newly created Azure tenants to Enabled by default. This setting, however, blocks all unknown connections including Safetica. For Safetica Office 365 integration to work correctly, you need to disable security defaults for your tenant:

  1. Sign in to the Azure portal as a security administrator, conditional access administrator, or global administrator.
  2. Go to Azure Active Directory > Properties.
  3. Click Manage security defaults.
  4. Set the Enable security defaults option to No.
  5. Click Save.

This setting does not compromise security, it just allows your Azure tenant to communicate with third parties.

Please note that applying these changes in Azure tenant might take some time. We recommend waiting a few hours before contacting Safetica Support with issues.

After you perform these three steps, you can start configuring Safetica Office 365 integration in the desktop Safetica Management Console.

(0 vote(s))
Helpful
Not helpful