Onboarding Azure AD Tenants
To run any of our Office 365 / Azure AD reports against your Azure AD tenants, you'll need to onboard your tenant.
Click on Account Management in the top right of the portal (gear icon) and then Onboard New Azure Tenant.
Then, click on the Onboard new tenant button.
You'll then be presented with the Azure login screen. Sign in with an account that has administrative permissions on your tenant so that your Azure AD tenant and Azure AD logs can be read. The required permissions are shown in the following screenshot:
An Azure AD application is built in your tenant that allows InfraSOS to read your Azure AD logs (more details can be found in the official Microsoft documentation). Here is a detailed description of all the permissions requested during onboarding:
- ‘Sign you in and read your profile’ (User.Read, Delegated): Required for accessing your tenant to set up the Service Application.
- ‘Read and write applications’ (Application.ReadWrite.All, Delegated): Needed for creating the Service Application in your tenant.
- ‘Manage app permission grants and app role assignments’ (AppRoleAssignment.ReadWrite.All, Delegated): Provides necessary permissions for the Service Application to generate reports on the InfraSOS Portal.
- ‘Read and write directory RBAC settings’ (RoleManagement.ReadWrite.Directory, Delegated): Assigns the ‘Exchange Administrator’ directory role to the Service Application, necessary for Mailbox reports.
- ‘Maintain access to data you have given it access to’: Essential for generating reports on the InfraSOS Portal.
You'll then be redirected to the portal and you should now see data within the Office 365 Reports menu.
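To check after onboarding that the consent recorded in your tenant matches the permissions listed above, the following added example (not InfraSOS or Microsoft code) compares an export of delegated permission grants with that list. It assumes the grants were exported as JSON in the shape of a Microsoft Graph oauth2PermissionGrants listing; all object ids are placeholders, the sample data is constructed, and offline_access is the scope name behind the 'Maintain access to data you have given it access to' consent line.

```python
import json

# Delegated scopes listed on this page for the onboarding consent.
# offline_access is the Microsoft identity platform scope shown to users as
# "Maintain access to data you have given it access to".
DOCUMENTED_SCOPES = {
    "User.Read",
    "Application.ReadWrite.All",
    "AppRoleAssignment.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
    "offline_access",
}

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrants
# listing; every id below is a placeholder, not a real object id.
SAMPLE_EXPORT = json.dumps({"value": [
    {"clientId": "sp-onboarding-placeholder", "consentType": "Principal",
     "principalId": "admin-user-placeholder", "resourceId": "graph-sp-placeholder",
     "scope": "User.Read Application.ReadWrite.All AppRoleAssignment.ReadWrite.All offline_access"},
    {"clientId": "sp-onboarding-placeholder", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "graph-sp-placeholder",
     "scope": " Directory.ReadWrite.All RoleManagement.ReadWrite.Directory"},
    {"clientId": "sp-other-app-placeholder", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "graph-sp-placeholder",
     "scope": "Mail.Read"},
]})


def audit_grants(export_json, client_id, documented=DOCUMENTED_SCOPES):
    """Compare delegated grants held by one service principal with the documented list."""
    granted, tenant_wide = set(), set()
    for grant in json.loads(export_json).get("value", []):
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        scopes = set((grant.get("scope") or "").split())  # space-separated string
        granted |= scopes
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes  # consented on behalf of every user
    return {
        "unexpected": sorted(granted - documented),   # granted but not on the page
        "not_granted": sorted(documented - granted),  # on the page but absent
        "tenant_wide": sorted(tenant_wide),
    }


if __name__ == "__main__":
    for key, scopes in audit_grants(SAMPLE_EXPORT, "sp-onboarding-placeholder").items():
        print(f"{key}: {', '.join(scopes) or '-'}")
```

Any scope reported under `unexpected` was granted but is not on the list above and is worth reviewing before the grant is left in place.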