Knowledgebase
Safetica Office 365 file monitoring
Posted by Michael Skoupý, Last modified by Štěpán Horký on 11 June 2019 01:30 PM

Office 365 file monitoring - Safetica Azure application

As of version 9.1, manual creation of the Safetica Azure application is required. This application requires the following sets of permissions:

Required permission
Permission type
Purpose

Microsoft Graph: Read and write all users' full profiles

Application Required for identifying Azure Active Directory users and including them in the Safetica user tree

Office 365 Management APIs: Read activity data for your organization

Application Required for monitoring Office 365 file activity

1. Log in to your organization’s Azure Active Directory admin center: https://aad.portal.azure.com/

2. Go to All services → App registrations  New registration

3. Fill in the details for the new application and confirm by clicking on Register

Name SafeticaApplication (or choose your own)
Supported account types Accounts in this organizational directory only
Redirect URI (Web) https://safetica-management-server/WebSafetica/SaveOffice365ServiceAuthResult (replace the red text with your WebSafetica URL)

4. Your application's details will now open. Within the application's view go to Manage → API permissions → Add a permission and add the following permissions:

  • Microsoft Graph → Application permissions → User.ReadWrite.All (Read and write all users' full profiles)
  • Office 365 Management API → Application permissions → ActivityFeed.Read (Read activity data for your organization)

5. Confirm the new permissions by clicking on Grant admin consent for <your tenant name>

6. Within the application's view go to Manage → Certificates & secrets → New client secret and add a client secret:

Description SafeticaSecret (or choose your own)
Expires Never

7. Copy the the new secret's value for later as you won't be able to retrieve it after your leave your current view

8. Go back to the application's Overview and copy the Application (client) ID for later

6. Applying your changes may take a while, bear this in mind before continuing with next steps.


Office 365 file monitoring - WebSafetica configuration

Once you have your Safetica Azure application created and configured, you may have to wait for a while until the changes are fully applied. If you run into problems with the steps below, repeat them again later.

1. Log in to your WebSafetica management console

2. Go to Management → General → Office 365 settings and click on the Edit icon

3. Fill in the form with the information prepared in previous steps:

Tenant name

your Azure tenant name (e.g. your-tenant.onmicrosoft.com)

You can confirm this at https://portal.office.com/adminportal/home#/Domains (Microsoft 365 admin center → Setup → Domains)

App ID

your application (client) ID

App key

your application's client secret's value

4. Save the form and if the information have been filled in correctly, a green banner will confirm saving your changes.