Office 365 File Storage Prerequisites
Make sure your system fits the descriptions below before starting the installation.
To perform Activity Monitoring, the Azure AD application for SharePoint Online requires the
ActivityFeed.Read permission to access the Office 365 Management APIs.
To perform crawl and permissions collection, the Azure AD application for SharePoint Online requires the
Sites.FullControl.All permission to access the SharePoint APIs.
|Data Access Security
|Data Access Security Servers
|Permissions Collection / Data Classification
|Permissions Collector/Data Classification
|Office365 Activity API
|OAuth Access Token Acquisition
|Permission Collector/Data Classification Collector/Activity Monitor
|Microsoft Token Endpoint
Access to the following over HTTPS:
https://manage.office.com/* - to monitor and collect event data, using the Microsoft Management API
https://login.microsoftonline.com/* - for OAuth access token acquisition.
Azure Active Directory Connectivity Requirements
The OneDrive and SharePoint Online Connectors require an AzureAD Identity Collector.
Data Access Security uses the Microsoft Graph REST API, which works exclusively in HTTPs.
The API base path is: https://graph.microsoft.com/v1.0/, where the tenant domain name is the customer assigned domain name on Microsoft cloud. It is usually in the format of domain_name.onmicrosoft.com, but might be different in your configuration.
A list of resources that are accessed by Data Access Security using the REST graph API include: