1- Azure Active Directory resource is selected from https://portal.azure.com.
“Directory Admin” account is required for actions to be taken.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
2- Then the “App Registrations” category is selected.
3- A new application registration is made by clicking on “New registration”.
4- After the application name is given, registration is provided with the register button.
5- After the application is registered, on the application screen that opens, “Application(client) ID” and “Directory(tenant) ID” values are registered to be used in API integration.
6- To authorize the application in Office 365, API Permission category is opened from the left side.
7-Click on “Add a permission” under API Permissions and select “Office 365 Management APIs” from the window that opens on the right side.
8-Select Application permissions. ActivityFeed.Read and ActivityFeed.ReadlDlp permissions are checked under ActivityFeed in the menu that opens below and click on Add Permissions button.
9-After adding the authorizations, authorization is made with the "Grant admin consent" button and the authorizations are granted. A green tick appears in the status column.
10- Select the "Certificates & secrets" category on the left and click the New client secret button.
A client secret is created by giving Description and validity time in the popup window that opens at the top.
Note that: The created client secret value should be noted for API integration.
11-Go to https://compliance.microsoft.com/auditlogsearch.
Click on the "Start recording user and administrator activity" button and logging is enabled.
12- Press the "+Device" button under Settings- Source List in the Logsign SIEM. In the window that opens, the API integration type is selected and the "save" button is clicked after the necessary columns are filled.