This guide consists prerequisites for Office 365 message trace.
- Telnet connections to be allowed from Event Collector to ‘reports.office365.com’ using HTTPS (port 443).
- Office 365 email account username and password to be provided.
Office 365 Subscription
Minimum Permissions Needed in Office 365
The Microsoft API used by the QRadar Protocol only supports Basic Authentication (username and password). Creating a new role for the user account with the following permissions is recommended:
- Message Tracking
- View-Only Audit Logs
- View-Only Configuration
- View-Only Recipients