Setting up subscription service for Office 365 Audit log data using Office Management API
In the previous blogs here, we have seen how to pull audit log data using Office 365 Management Activity API and store it in Azure Table for further processing. In this blog, we will look at how to start the subscription service for Office 365 Management Activity API before the audit log data can be retrieved.
We need to fulfil some of the prerequisties before starting the subscription service
- We will need a Tenant Admin account to create an Azure AD application and granting admin consent to API permissions
- An Internet browser to query and receive initial code for token generation
- An API query tool such as Postman to query POST requests and get the token
In order to start the subscription, we will need an Azure AD app which has been given Office 365 Management API permissions. We will then use the App to generate an access token to start the service. Below are the steps on how to do that.
- The first step is to create an Azure AD app. Make sure to provide a valid redirect uri in Authentication section. The redirect uri will be required to gather the code when authenticating the app later.
For detailed steps on how to create an Azure AD app, check here.
- Below are the API permissions to be provided for the Azure AD app. The API permissions will need Tenant Admin consent for them to be activated
- After the Azure AD app is ready, the Tenant admin needs to generate a consent code that could be use to retrieve the application token to start the subscription service. To get the cosent code, generate the url as below and then put it on a browser. Then login with the Tenant admin account to consent the access.
client_id = Azure AD App Client ID,
redirect_url = Redirect URI provided with the Azure AD app
After consenting the above URL, it will generate a consent code in the below format. Please copy that code and remember to ignore the session_state parameter following the code.
- After the above code is available, we will use Postman to do a POST query and fetch the access token. Below is the URL and Request body of the request (see screenshot for reference)
POST URL: https://login.windows.net/common/oauth2/token
Request Header: Content-type = application/x-www-form-urlencoded
Request body parameters of type x-www-form-urlencoded
client_id: <Azure AD App ID>
redirect_uri: <Redirect url from Azure AD App>
client_secret: <Azure AD App Client secret>
code: <Code from above step>
As output of the above request, we will get a json output with the access token parameter to start the service
- With the access token received above, we can start the service using the below URL with a POST request in Postman.
tenantID = Tenant ID of the subscrption, can be found in Azure AD App Overview or Azure AD properties
contentType = Type of content to be subscribed. E.g. Audit.SharePoint, more information can be found here
The access token needs to put in the Authorization tab of the Request in Postman.
If the above process, worked fine, we would received a HTTP sucessful response (200 OK) with a Json reply stating the subscription is enabled.
In this blog, we looked at how to enable the subscription service for Office 365 management API.