Steps to create a web application in Azure Portal using the 'new' App Registrations UI:
1. If applicable, delete the problematic template from CA client and restart the CA agent where it was assigned.
2. In the Azure Portal, navigate to Azure Active Directory | App Registrations | New registration
3. Provide the details (example):
Note: the name must be unique, for example ChangeAuditorAppxxxxxxxx, where xxxxxxxx is any string of random letters and numbers that makes the application name unique. The Redirect URI must have "reply" appended to the end of the Application Name.
Name: ChangeAuditorAppxxxxxxxx
Supported Account Types: Accounts in this organizational directory only (MSFT only - Single tenant)
Redirect URI (for Change Auditor 7.1.1): Select Web and type the following URI: https://ChangeAuditorAppxxxxxxxxreply
Redirect URI (for Change Auditor 7.2): Select Web and type the following URI: https://TenantName/ChangeAuditorAppxxxxxxxx/reply
4. Register the app
5. Click on the newly registered app to open its properties.
6. On the left menu, click on "API Permissions" and follow the steps below:
a) Click on "+ Add a permission"
b) Click on Microsoft Graph
c) Click on Application permissions
d) In the filter, paste AuditLog.Read.All, expand the list, enable the checkbox, and then click Add Permissions
e) Perform steps a, b & c again, in the filter, paste Directory.Read.All, expand the list, enable the checkbox, and then click Add Permissions
f) Perform steps a, b & c again, in the filter, paste IdentityRiskEvent.Read.All, expand the list, enable the checkbox, and then click Add Permissions
g) Click on "+ Add a permission"
h) Click on Office 365 Management APIs
i) Click on Application permissions
j) In the filter, paste in ActivityFeed.Read, expand the list, enable the checkbox (do not check the ActivityFeed.ReadDlp permission), and then click Add Permissions
k) Click on "+ Add a permission"
l) Click on APIs my organization uses tab
m) Search for Office 365 Exchange Online
n) Click on Application Permissions
o) In the filter, paste in Exchange.ManageAsApp, expand the list, enable the checkbox for Exchange.ManageAsApp, and then click Add Permissions
7. Click 'Grant admin consent for MSFT', and then click Yes.
8. Create a client secret under Certificates & Secrets.
a) Click on "Certificates & Secrets" on the left menu
b) Click on "+New Client Secret"
c) Enter "ChangeAuditorAppxxxxxxxx" in the description, select an appropriate expiry from the "Expires" dropdown, and then click "Add"
9. Copy the Value for later use in CA. It cannot be retrieved later.
10. Only if you are creating an O365 template: upload a certificate under Certificates & Secrets.
a) Click on "Certificates & Secrets" on the left menu
b) Click on Certificates, and then select "Upload certificate"
c) Select the certificate that you have created and enter "ChangeAuditorAppxxxxxxxx" into the description, and then click "Add"
11. Copy the Application (client) ID from the Overview tab
12. Create a new Azure AD or O365 template in the CA client using the tenant name (e.g., adc.onmicrosoft.com), the Application (client) ID, and the client secret Value.
Azure AD template:
a) From the CA Client, click on View | Administration
b) On Administration Tasks tab, click on the Auditing in the lower left side corner
c) Click on Azure Active Directory on the menu on the left
d) On the right-hand pane, click +Add to start the template wizard
e) In the pop-up, select the "use existing web application" radio button
f) Enter the tenant FQDN (e.g., adc.onmicrosoft.com)
g) Enter the Value and Application ID that you copied earlier
h) Enable the options under the Activity section
i) Select the agent that you will be using to audit
j) Click on "Finish"
O365 template:
a) From the CA Client, click on View | Administration
b) On Administration Tasks tab, click on the Auditing in the lower left side corner
c) Click on O365 on the menu on the left
d) On the right-hand pane, click +Add to start the template wizard
e) In the pop-up, select the "use existing web application" radio button
f) Enter the tenant FQDN (e.g., adc.onmicrosoft.com)
g) Enter the Application ID, enter the Value, and upload the certificate that you have created (this certificate must match the certificate that you have uploaded to the registered Azure App).
h) Enable options under the Office 365 Services Selection
i) Select the agent that you will be using to audit
j) Configure auditing as per your requirement
k) Configure Option Excluded Operations as per your requirement
l) Click on "Finish"
13. The configuration should be created successfully. Azure AD/O365 events should start to appear in the Overview tab within a few minutes.
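The Azure-side part of this procedure (steps 2 through 11) can also be done with the Microsoft Graph PowerShell SDK, which makes the permission set reproducible and easy to review for least privilege. The script below is an added example, not part of this article or of Change Auditor; it assumes the Microsoft.Graph module is installed, that you sign in as an administrator allowed to register applications, and that the tenant name and the 7.2-style reply URI are placeholders you adjust. Application permission IDs are looked up by name at run time rather than hard-coded.

```powershell
# Added example (not from the article): register the Change Auditor web app via Microsoft Graph PowerShell.
Import-Module Microsoft.Graph.Applications
Connect-MgGraph -Scopes "Application.ReadWrite.All"

$tenantName = "adc.onmicrosoft.com"                                   # placeholder: your tenant FQDN
$suffix     = -join ((48..57 + 97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
$appName    = "ChangeAuditorApp$suffix"                               # unique name, as the article requires
$replyUri   = "https://$tenantName/$appName/reply"                    # Change Auditor 7.2 form of the Redirect URI

# Application permissions listed in the article, keyed by the API display name shown in the portal.
$required = @{
    "Microsoft Graph"            = @("AuditLog.Read.All", "Directory.Read.All", "IdentityRiskEvent.Read.All")
    "Office 365 Management APIs" = @("ActivityFeed.Read")             # deliberately not ActivityFeed.ReadDlp
    "Office 365 Exchange Online" = @("Exchange.ManageAsApp")
}

# Resolve each API's service principal and the app-role ID for each permission name.
$resourceAccess = foreach ($api in $required.Keys) {
    $sp = Get-MgServicePrincipal -Filter "displayName eq '$api'" | Select-Object -First 1
    if (-not $sp) { throw "Service principal '$api' was not found in this tenant" }
    $roles = foreach ($value in $required[$api]) {
        $role = $sp.AppRoles | Where-Object { $_.Value -eq $value -and $_.AllowedMemberTypes -contains "Application" }
        if (-not $role) { throw "'$api' does not expose application permission '$value'" }
        @{ Id = $role.Id; Type = "Role" }                             # Type "Role" = application permission
    }
    @{ ResourceAppId = $sp.AppId; ResourceAccess = @($roles) }
}

# Single-tenant web app with the reply URI and exactly the permissions above (steps 3 to 6).
$app = New-MgApplication -DisplayName $appName -SignInAudience "AzureADMyOrg" `
    -Web @{ RedirectUris = @($replyUri) } -RequiredResourceAccess $resourceAccess

# Client secret (steps 8 and 9): the Value is returned once, so record it for the CA template now.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = $appName
    EndDateTime = (Get-Date).AddMonths(12)                            # pick an expiry that matches your rotation policy
}

Write-Host "Application (client) ID : $($app.AppId)"
Write-Host "Client secret Value     : $($secret.SecretText)"
Write-Host "Grant admin consent in the portal (step 7) before creating the CA template."
```

Admin consent (step 7) and any certificate upload for an O365 template (step 10) are still performed in the portal as described above.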