General speaking, Foglight Office 365 monitor are coming with two part, exchange 365 and ADFS (Microsoft Active Directory Federation Service) monitoring
For Exchange 365 monitor, you do need have Admin right to grant the application permission consent but it is one time only and we do not store this information. Here are the permission you will grant to Foglight after the make the consent
• Read activity data for your organization (Office 365 Management APIs)
• Read activity reports for your organization (Office 365 Management APIs)
• Read service health information for your organization (Office 365 Management APIs)
• Read contacts in all mailboxes
• Read calendars in all mailboxes
• Read all users’ full profiles
• Read all groups
• Read directory data
• View users’ email address
• View users’ basic profile
• Enable sign-on and read user’s profiles
You also need crate an Azure user with following permission for our agent to collect data
• Password administrator
• Service administrator
• Billing administrator
• Exchange administrator
• User management administrator
For ADFS (Microsoft Active Directory Federation Service) monitoring, you need have a local admin user right for us to connect.
You also need configure your ADFS host to allow WinRM or DCOM ; we provide two script you can use and you can find it via Foglight web console | Administration | Cartridges | Components for download | Exchange-DCOM/WinRm-Configuration