
How to prepare the Azure AD, Exchange Online and SharePoint Online data collecting account for Office 365 when the Microsoft baseline protection policy is enabled?

Last review: Aug 08, 2018
https://kb.netwrix.com/580

How to ensure that your Netwrix Auditor data collecting account can access Office 365 data sources: Azure AD, Exchange Online, and SharePoint Online?


Microsoft has announced a new feature called baseline protection policy that is going to take effect in the near future, so users of Netwrix Auditor for Azure AD, Exchange Online and SharePoint Online should take steps to prevent data collection errors.
Baseline protection is a set of predefined conditional access policies. The goal of these policies is to ensure that you have at least the baseline level of security enabled in Office 365. These policies apply multi-factor authentication (MFA) to administrator accounts (including the Global administrator, SharePoint administrator and Exchange administrator directory roles). The account used by Netwrix Auditor to collect data from Office 365 data sources is assigned the Global Administrator role in the Azure AD, Exchange Online and SharePoint Online environments.
To prevent Office 365 data collection errors, you need to exclude from the baseline policy the data collecting account that Netwrix uses to audit Azure AD, Exchange Online and SharePoint Online.
For more information on Microsoft baseline policy, refer to the corresponding Microsoft article: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection
Note: Since the credentials for this account are stored securely and are used only by the service, excluding the account from MFA does not put it at additional risk.

Do the following:

  1. Sign in to the Azure portal with a global administrator, security administrator, or conditional access administrator account.
  2. Navigate to the Conditional access blade. You’ll see the baseline policy to require MFA for admins.
  3. Click on the baseline policy and navigate to Exclude users and groups at the bottom of the policy settings.
  4. In the Select field, enter the name of the account used by Netwrix Auditor to collect data from your Office 365 data source.
  5. Select the account in the list and click Select.
  6. Save your changes: click Done and then Save.
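
A check that can follow the procedure above, added here as an example and not Netwrix or Microsoft code: it confirms that the data collecting account is excluded from every enabled policy that requires MFA, and lists every other exclusion for review. It assumes the policies are available as JSON in the shape of the Microsoft Graph conditionalAccessPolicy resource; the sample export, policy names and IDs are constructed placeholders.

```python
import json

# Constructed sample export (not real tenant data). Field names follow the
# Microsoft Graph conditionalAccessPolicy resource; IDs are placeholders.
SAMPLE_POLICIES = json.loads("""
[
  {"displayName": "Require MFA for admins (constructed)",
   "state": "enabled",
   "conditions": {"users": {"includeRoles": ["ROLE-ID-PLACEHOLDER"],
                            "excludeUsers": ["id-svc-auditor", "id-jdoe"],
                            "excludeGroups": ["id-helpdesk-group"]}},
   "grantControls": {"builtInControls": ["mfa"]}},
  {"displayName": "Block sign-in from untrusted locations (constructed)",
   "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"],
                            "excludeUsers": ["id-breakglass"]}},
   "grantControls": {"builtInControls": ["block"]}}
]
""")


def audit_mfa_exclusions(policies, collector_id):
    """Check enabled MFA policies: collector excluded, and nothing else is."""
    report = {"collector_missing": [], "unexpected": []}
    for policy in policies:
        grant = policy.get("grantControls") or {}
        if "mfa" not in (grant.get("builtInControls") or []):
            continue  # only policies that enforce MFA matter here
        if policy.get("state") != "enabled":
            continue  # disabled policies do not affect sign-in
        users = (policy.get("conditions") or {}).get("users") or {}
        excluded_users = users.get("excludeUsers") or []
        name = policy.get("displayName", "<unnamed>")
        if collector_id not in excluded_users:
            report["collector_missing"].append(name)
        for uid in excluded_users:
            if uid != collector_id:
                report["unexpected"].append((name, "user", uid))
        # A group exclusion can cover any number of accounts: always review.
        for gid in users.get("excludeGroups") or []:
            report["unexpected"].append((name, "group", gid))
    return report


if __name__ == "__main__":
    result = audit_mfa_exclusions(SAMPLE_POLICIES, "id-svc-auditor")
    print(json.dumps(result, indent=2))
```
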


Original KB Article 2118
