This post is part of a series where we will be using the Log Analytics workspace to store Office 365 information which will then be used to create a dashboard. We will first create the Log Analytics workspace in Azure, then create an app registration in Azure Active Directory, then a Runbook using Automation Accounts to upload data to the Log Analytics workspace and lastly we will be building a dashboard in the Log Analytics workspace.
The following posts are part of these series:
- Creating a Log Analytics workspace in Azure
- Registering an app in Azure Active Directory
- Creating a PowerShell Runbook using Automation Accounts
- Building an Azure dashboard
- Building a Log Analytics workspace dashboard
Registering an app in Azure Active Directory
We are going to register an app in Azure Active Directory which we will use to collect the necessary data. We can then connect to the Office 365 API or Graph API using this app. First browse to the Azure Active Directory on the tenant where you want to collect the data from. You can also use the direct link https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
Click on ‘New registration’
Fill in the required information and click on ‘Register’
Go to ‘API permissions’
Remove any permission that is not needed for this app.
Note: Only grant the least amount of privilege for this app.
I’ve added ServiceHealth.Read for the Office 365 status and Organization.Read.All for the subscriptions information.
Next go to ‘Certificates & Secrets’ as we will be using the secret to connect to this app.
Note: You will only see the value after creating a new secret but you can create a new secret if you lost the value.