• You must enable Audit Logs in Office 365 in order to use this feature
  • You must have admin rights to your Office 365 installation

Getting started

  1. Click here to go to Office 365 settings in the Perch app
  2. Authorize Perch to access your Office 365 logs
  3. Test that Perch can ingest logs from Office 365
  4. Enable log ingestion

Authorize Perch

In order for Perch to access your Office 365 logs, you must explicitly grant access. This occurs in an OAuth flow… if you know what that means, you get a cookie. If it’s all Greek to you, it means:

  1. Click the “Authorize” button from the Office 365 settings panel
  2. A new window will open with a Microsoft prompt to allow access - click “Accept”
  3. You will be redirected to Perch - close the window

oauth flow

Test ingestion

In order to start collecting logs from Office 365, Perch needs to ensure that the Office 365 instance has logs and that we are able to ingest them properly. The “Test” button will handle this when clicked.

NOTE: It may take up to 24 hours for Microsoft to configure your tenant after authorization, during which verification may fail.

As per Microsoft, there is no guaranteed maximum latency for notification delivery (in other words, no SLA). Microsoft Support’s experience has been that most notifications are sent within one hour of the event. Often the latency is much shorter, but often it’s longer as well. This varies somewhat from workload to workload, but a general rule is that most notifications will be delivered within 24 hours of the originating event.

If at anytime after setup you feel the need to test that your Office 365 integration is still working as expected, simply click the “Test” button again.

Enable log ingestion

Like all Perch integrations, you can enable or disable Office 365 log ingestion at any time by toggling the switch from “OFF” ( gray ) to “ON” ( purple ), or the other way around.

Enable Office 365

When disabling Office 365 log ingestion, your configuration is preserved so you will not have to reauthorize Perch when you would like to re-enable it.