To create an Azure/O365 web application in Azure Portal using the 'new' App Registrations UI:
1. If applicable, delete the problematic template from CA client and restart the CA agent where it was assigned.
2. In the Azure Portal, navigate to Azure Active Directory | App Registrations | New registration
3. Provide the details (example):
Note: the name should be ChangeAuditorAppxxxxxxxx (where xxxxxxxx is any random string of letters and numbers, so that the application name is unique). The Redirect URI should have "reply" appended to the end of the Application Name.
Name: ChangeAuditorApp0z15481a
Supported Account Types: Accounts in this organizational directory only (TenantName - Single tenant)
Redirect URI (for Change Auditor 7.1.1): https://ChangeAuditorApp0z15481areply
Redirect URI (for Change Auditor 7.2): https://TenantName/ChangeAuditorApp0z15481a/reply
4. Register the app
5. Click on the newly registered app to open its properties
NOTE: The following permissions are needed:
Microsoft Graph Application permissions:
• AuditLog.Read.All – Application - Read all audit log data
• Directory.Read.All – Application - Read directory data
• IdentityRiskEvent.Read.All – Application - Read all identity risk information
Office 365 Management APIs Application permissions:
• ActivityFeed.Read – Application - Read activity data for your organization
6. On the left menu, click on "API Permissions" and add the following permissions:
a) Click on "+ Add a permission"
b) Click on Microsoft Graph
c) Click on application permissions
d) In the filter, paste in AuditLog.Read.All, expand the list, turn on the checkbox, and then click Add Permissions
e) Repeat steps a, b and c, then in the filter paste in Directory.Read.All, expand the list, turn on the checkbox, and then click Add Permissions
f) Repeat steps a, b and c, then in the filter paste in IdentityRiskEvent.Read.All, expand the list, turn on the checkbox, and then click Add Permissions
g) Click on "+ Add a permission"
h) Click on Office 365 Management APIs
i) Click on application permissions
j) In the filter, paste in ActivityFeed.Read, expand the list, turn on the checkbox (do not check the ActivityFeed.ReadDLP permission), and then click Add Permissions
7. Click 'Grant admin consent for TenantName', and then click Yes.
8. Add a client secret under Certificates & Secrets.
a) Click on "Certificates & Secrets" on the left menu when looking at the ChangeAuditorApp0z15481a app's properties.
b) Click on "+New Client Secret"
c) Enter "ChangeAuditorApp0z15481a" into the description, select an appropriate expiry from the "Expires" dropdown, and then click "Add"
9. Copy the now available secret value for later use in CA. It cannot be retrieved later.
10. Take the Application (client) ID from the Overview tab and the key from step 8 for later. (This is the ID of the ChangeAuditorApp0z15481a web app, not of the secret you just created.)
11. Create a new Azure AD/O365 template in the CA client using the tenant name and the web application ID and key from the earlier steps.
a) From the CA Client, click on View | Administration
b) On Administration Tasks tab, click on the Auditing blade in the lower left
c) Click on Azure Active Directory on the menu on the left
d) On the right-hand pane, click +Add to start the template wizard
e) In the pop-up, select the "use existing web application" radio button
f) Enter the tenant FQDN (e.g. mytenant.onmicrosoft.com)
g) Enter the Application ID and Application key that you copied in steps 9 and 10
h) Turn on your selected options under the Activity section
i) Select the agent that will be used to audit the Azure data
j) Click on "Finish"
12. The configuration should be created successfully, and Azure events should start to appear in the Overview tab within a few minutes.
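To verify that the finished registration carries exactly the four application permissions listed above, that admin consent was actually granted, and when the client secret from step 8 expires, the following script can be run after step 10. It is an added example, not part of the original article or of Change Auditor; it assumes the Microsoft.Graph PowerShell SDK is installed, a caller with Application.Read.All, and the example app name from step 3.

```powershell
# Added verification script (not from the original article). Assumes the
# Microsoft.Graph PowerShell SDK and a caller allowed to read applications
# and app role assignments. Replace the example name with your own.
$AppName = 'ChangeAuditorApp0z15481a'

# Exactly the application permissions the article requires, per resource API.
$Required = @{
    'Microsoft Graph'            = @('AuditLog.Read.All', 'Directory.Read.All', 'IdentityRiskEvent.Read.All')
    'Office 365 Management APIs' = @('ActivityFeed.Read')
}

Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

$app = Get-MgApplication -Filter "displayName eq '$AppName'"
if (-not $app) { throw "App registration '$AppName' not found" }
$sp  = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"

# App roles actually granted (admin-consented) to the app's service principal.
$granted = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All

foreach ($resource in $Required.Keys) {
    $resSp = Get-MgServicePrincipal -Filter "displayName eq '$resource'"
    if (-not $resSp) { "MISSING  $resource : service principal not present in tenant"; continue }

    # Map the resource's role GUIDs to their names, e.g. 'AuditLog.Read.All'.
    $roleName = @{}
    foreach ($r in $resSp.AppRoles) { $roleName[$r.Id] = $r.Value }

    $have = @($granted | Where-Object ResourceId -eq $resSp.Id |
              ForEach-Object { $roleName[$_.AppRoleId] })

    foreach ($p in $Required[$resource]) {
        $state = if ($have -contains $p) { 'OK     ' } else { 'MISSING' }
        "$state  $resource : $p"
    }
    # Anything consented beyond the required set (e.g. ActivityFeed.ReadDLP) is excess privilege.
    foreach ($extra in ($have | Where-Object { $_ -notin $Required[$resource] })) {
        "EXTRA    $resource : $extra  (not required by Change Auditor; review)"
    }
}

# Client secrets created in step 8: flag any that expire within 30 days.
foreach ($cred in $app.PasswordCredentials) {
    $days  = [int]($cred.EndDateTime - (Get-Date)).TotalDays
    $state = if ($days -le 30) { 'WARN   ' } else { 'OK     ' }
    "$state  secret '$($cred.DisplayName)' expires in $days day(s)"
}
```

A MISSING line for a permission that is present under API Permissions in the portal means step 7 (Grant admin consent) was not completed; a WARN line means a new secret should be created and the CA template updated before the current one lapses.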