Office 365 File Storage Prerequisites
Make sure your system fits the descriptions below before starting the installation.
Note
Some prerequisites differ for Exchange Online. Refer to Exchange Online Prerequisites.
When you have confirmed your system meets the requirements, you will create an Azure application for your OneDrive, SharePoint Online, or Exchange Online connector.
Permissions
Activity Monitor
To perform Activity Monitoring, the Azure AD application for SharePoint Online requires the ActivityFeed.Read permission to access the Office 365 Management APIs.
Permissions Collection
To perform crawl and permissions collection, the Azure AD application for SharePoint Online requires the Sites.FullControl.All permission to access the SharePoint APIs.
Communication Requirements
| Requirement | Source | Destination | Port |
|---|---|---|---|
| Data Access Security | Activity Monitor | Data Access Security Servers | 8000-8008 |
| Permissions Collection / Data Classification | Permissions Collector/Data Classification | SharePoint Online | https |
| Activity Monitoring | Activity Monitor | Office365 Activity API | https |
| OAuth Access Token Acquisition | Permission Collector/Data Classification Collector/Activity Monitor | Microsoft Token Endpoint | https |
Access to the following over HTTPS:
-
https://{tenant-name}.sharepoint.com/*
-
https://{tenant-name}-admin.sharepoint.com/*
-
https://{tenant-name}-my.sharepoint.com/*
-
https://manage.office.com/* - to monitor and collect event data, using the Microsoft Management API
-
https://login.microsoftonline.com/* - for OAuth access token acquisition.
Azure Active Directory Connectivity Requirements
The OneDrive and SharePoint Online Connectors require an AzureAD Identity Collector.
Data Access Security uses the Microsoft Graph REST API, which works exclusively in HTTPs.
The API base path is: https://graph.microsoft.com/v1.0/, where the tenant domain name is the customer assigned domain name on Microsoft cloud. It is usually in the format of domain_name.onmicrosoft.com, but might be different in your configuration.
A list of resources that are accessed by Data Access Security using the REST graph API include: