1- Azure Active Directory resource is selected from https://portal.azure.com.
“Directory Admin” account is required for actions to be taken.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
2- Then the “App Registrations” category is selected.
3- A new application registration is made by clicking on “New registration”.
4- After the application name is given, registration is provided with the register button.
5- After the application is registered, on the application screen that opens, “Application(client) ID” and “Directory(tenant) ID” values are registered to be used in API integration.
6- To authorize the application in Office 365, API Permission category is opened from the left side.
7-Click on “Add a permission” under API Permissions and select “Office 365 Management APIs” from the window that opens on the right side.
8-Select Application permissions. ActivityFeed.Read and ActivityFeed.ReadlDlp permissions are checked under ActivityFeed in the menu that opens below and click on Add Permissions button.
9-After adding the authorizations, authorization is made with the "Grant admin consent" button and the authorizations are granted. A green tick appears in the status column.
10- Select the "Certificates & secrets" category on the left and click the New client secret button.
A client secret is created by giving Description and validity time in the popup window that opens at the top.
Note that: The created client secret value should be noted for API integration.
11-Go to https://compliance.microsoft.com/auditlogsearch.
Click on the "Start recording user and administrator activity" button and logging is enabled.
12- Press the "+Device" button under Settings- Data Collection in the Logsign Unified SecOps Platform. In the window that opens, the API integration type is selected and the "save" button is clicked after the necessary columns are filled.