KBI 312013 Required Permissions To Monitor Microsoft 365 Audit Logs

Version

All Versions of Argent Omega

Date

Monday, 12 September 2022

Summary

Argent has the capability to monitor Microsoft 365 Audit Logs for compliance reasons

Technical Background

Argent application (created earlier) will be configured with “AuditLog Read all”, and “Directory Read all” permissions from the Microsoft Graph API

Resolution

Navigate to https://aad.portal.azure.com

directly or click on “Azure Active Directory” from Microsoft 365 Admin Center

Log in with an account that has permission to edit App Registration

Click on “Azure Active Directory” from the left panel

Select “App Registration” and click on the Argent application to edit i.e. “Argent”



Click For Full Size

Navigate to “API Permissions”

Click on “Add a permission”



Click For Full Size

Select “Microsoft Graph”



Click For Full Size

Click on “Application Permissions”



Click For Full Size

Scroll down to the AuditLog menu and select the “Read all audit log data” checkbox



Click For Full Size

Lastly, scroll down to the Directory menu and select the “Read directory data” checkbox



Click For Full Size

Click on “Add permissions” and an admin has to approve for the changes to take effect

Chances are the logged-on account already has the correct permission to approve

Click on Grant admin consent for your current tenant and select “Yes”



Click For Full Size