Office 365 Message Trace Prerequisites

This guide lists the prerequisites for Office 365 message trace.

  • Telnet connections must be allowed from the Event Collector to ‘reports.office365.com’ using HTTPS (port 443).
  • An Office 365 email account username and password must be provided. The account must have permission to read the reports in the Office 365 organization.

 

Prerequisites

Office 365 Subscription

Minimum Permissions Needed in Office 365

The Microsoft API used by the QRadar Protocol only supports Basic Authentication (username and password). Creating a new role for the user account with the following permissions is recommended:

  • Message Tracking
  • View-Only Audit Logs
  • View-Only Configuration
  • View-Only Recipients
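
One way to create the recommended role and confirm it carries only the four permissions listed above, as an added example that is not part of the original guide or of IBM's or Microsoft's documentation. It assumes the ExchangeOnlineManagement PowerShell module is installed; the role group name and both account names are placeholders.

```powershell
# Added example. Placeholders: replace with values from your own tenant.
$GroupName      = 'QRadar-MessageTrace-ReadOnly'        # hypothetical role group name
$AdminUpn       = 'admin@example.onmicrosoft.com'       # placeholder admin account
$ServiceAccount = 'svc-qradar@example.onmicrosoft.com'  # placeholder collection account

# The four permissions listed in this guide.
$RequiredRoles = @(
    'Message Tracking',
    'View-Only Audit Logs',
    'View-Only Configuration',
    'View-Only Recipients'
)

Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Create the role group only if it does not already exist.
$group = Get-RoleGroup -Identity $GroupName -ErrorAction SilentlyContinue
if (-not $group) {
    New-RoleGroup -Name $GroupName `
                  -Roles $RequiredRoles `
                  -Members $ServiceAccount `
                  -Description 'Read-only access for Office 365 message trace collection' |
        Out-Null
}

# Read back what is actually assigned and compare it with the intended set,
# so that missing roles (collection fails) and extra roles (excess privilege)
# are both reported.
$assigned = @(Get-ManagementRoleAssignment -RoleAssignee $GroupName |
              ForEach-Object { [string]$_.Role } |
              Sort-Object -Unique)

$missing = @($RequiredRoles | Where-Object { $_ -notin $assigned })
$extra   = @($assigned      | Where-Object { $_ -notin $RequiredRoles })

if ($missing.Count -eq 0 -and $extra.Count -eq 0) {
    Write-Output "OK: '$GroupName' holds exactly the four required roles."
} else {
    if ($missing.Count) { Write-Warning ("Missing roles: " + ($missing -join ', ')) }
    if ($extra.Count)   { Write-Warning ("Unexpected extra roles: " + ($extra -join ', ')) }
}

Disconnect-ExchangeOnline -Confirm:$false
```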


Reference:

https://docs.microsoft.com/en-us/previous-versions/office/developer/o365-enterprise-developers/jj984335(v=office.15)?redirectedfrom=MSDN

https://www.ibm.com/mysupport/s/question/0D50z00006PFbaX/office-365-message-trace-logs?language=ko