1. Using Oracle CASB Cloud Service
  2. Setting Up Cloud Applications for Monitoring
  3. Setting Up Microsoft Office 365
  4. Preparing Microsoft Office 365

Preparing Microsoft Office 365

Create a dedicated Office 365 account that is reserved for communication with Oracle CASB Cloud Service.

Prerequisite:

In order to be monitored by Oracle CASB Cloud Service, your Office 365 instance must be running under at least an E3 license.

Creating the Dedicated Oracle CASB Cloud Service User

Create and configure a dedicated Office 365 user that is reserved for communication with Oracle CASB Cloud Service.

This login is reserved for Oracle CASB Cloud Service. To maintain accurate activity records, the Oracle CASB Cloud Service user's login must never be shared.

Note:

It can be helpful to create an email alias for the Oracle CASB Cloud Service user, and forward email from this alias to your own email so that you can receive notifications that are sent to Oracle CASB Cloud Service.
  1. Log in to Office 365, click the Apps icon, then click Admin to access the Admin center.

    Note:

    If you log in to Office 365 as a global administrator, the Office 365 application that Oracle CASB Cloud Service creates in Office 365 during integration is validated automatically. If you log in with less that global administrator privileges, a global administrator will have to validate the application manually to enable the connection to Oracle CASB Cloud Service.
  2. In the left navigation panel, expand Users and select Active users.
  3. On the Active users page, click + Add a user.
  4. In the Set up the basics page:

    • Enter a Display name.

    • For User name, enter the first part of the email address for this user (omit the "@" and domain).

    • Do not change the email domain default value.

      This domain will be combined with the User name entry to create the full email address.

  5. Under Password settings:

    • Select Let me create the password.

    • Enter and confirm a strong password for this user, and then copy this password for later use.

      The account password should be complex (for example, at least 12 characters, with a combination of letters and numbers). As a result, you should log in one time on behalf of this account to set an appropriate password before registering it with Oracle CASB Cloud Service. Oracle CASB Cloud Service will monitor the activity of all users in the account that this administrator belongs to. Have this user's login credentials on hand when you register the account in the Oracle CASB Cloud Service console

    • Disable the check box (ensure that it is not selected): Require this user to change their password when they first sign in.

  6. Click Next.
  7. On the Assign product licenses page:

    • Drop down the Select location list and select the country of your license.

    • Ensure that Assign user a product license is selected, and then select the appropriate licensing option.

    • Click Next.

  8. On the Assign product licenses page:

    • Select User (no administrator access).

      Note:

      If you prefer, a user with additional privileges that Oracle CASB Cloud Service doesn't require can be used instead. Security best practice is to provide only the minimal privileges that are required.

    • Click Next.

  9. On the You’re almost done… page:

    • Review the settings you’ve assigned to this user.

    • Click Edit below any item to change the setting.

  10. Click Finish adding.
  11. Click Close.

Next Steps

If you didn't log in to Office 365 as a global administrator before you performed the steps above, the Office 365 application that Oracle CASB Cloud Service creates in Office 365 during integration must be validated manually by an Office 365 global administrator.

Verifying That Credentials Propagate to Office 365 Logs and Reports

Ensure that the new user's credentials are propagated throughout Office 365.

  1. Go to this URL: https://reports.office365.com
  2. When you are prompted, enter the credentials for the Oracle CASB Cloud Service user.
  3. If you receive an HTTP 401 error, wait for an hour and retry the login.
If you see a screen with plain text data (which can include actual report data, depending on the amount of time elapsed between creating the Oracle CASB Cloud Service user and logging in), the Oracle CASB Cloud Service user is now able to collect log data.

What To Do Next

What you do next depends on how users log in to Office 365.