Skip to content

Office 365 File Storage Prerequisites

Make sure your system fits the descriptions below before starting the installation.


Some prerequisites differ for Exchange Online. Refer to Exchange Online Prerequisites.

When you have confirmed your system meets the requirements, you will create an Azure application for your OneDrive, SharePoint Online, or Exchange Online connector.


Activity Monitor

To perform Activity Monitoring, the Azure AD application for SharePoint Online requires the ActivityFeed.Read permission to access the Office 365 Management APIs.

Permissions Collection

To perform crawl and permissions collection, the Azure AD application for SharePoint Online requires the Sites.FullControl.All permission to access the SharePoint APIs.

Communication Requirements

Requirement Source Destination Port
Data Access Security Activity Monitor Data Access Security Servers 8000-8008
Permissions Collection / Data Classification Permissions Collector/Data Classification SharePoint Online https
Activity Monitoring Activity Monitor Office365 Activity API https
OAuth Access Token Acquisition Permission Collector/Data Classification Collector/Activity Monitor Microsoft Token Endpoint https

Access to the following over HTTPS:

  • https://{tenant-name}*

  • https://{tenant-name}*

  • https://{tenant-name}*

  •* - to monitor and collect event data, using the Microsoft Management API

  •* - for OAuth access token acquisition.

Azure Active Directory Connectivity Requirements

The OneDrive and SharePoint Online Connectors require an AzureAD Identity Collector.

Data Access Security uses the Microsoft Graph REST API, which works exclusively in HTTPs.

The API base path is:, where the tenant domain name is the customer assigned domain name on Microsoft cloud. It is usually in the format of, but might be different in your configuration.

A list of resources that are accessed by Data Access Security using the REST graph API include:

Documentation Feedback