Skip to main content
With the BlueApp for Office 365, you can monitor all of your Microsoft Office 365 cloud applications, track user activity, and receive alerts in USM Anywhere for suspicious and malicious activity in your environment. This integration gives you the ability to collect additional information about your environment and what your users are doing, which drives investigation and incident response processes. The BlueApp for Office 365 supports the following features:
  • Out-of-the-box correlation rules for Office 365 events, enabling USM Anywhere to automatically create to notify you about suspicious activity in your environment.
  • Predefined dashboards that give an overview of Microsoft OneDrive, Microsoft SharePoint, and Microsoft Azure Active Directory (AD) activity and provide quick visibility into Office 365 events to streamline your investigation and incident response processes.
  • Direct access to the Microsoft Office 365 Management Activity API, giving you comprehensive visibility, a richer data set, and greater control over your cloud security, with information about your user, administration, system, and policy actions and events from Office 365 and Azure AD activity logs.
If you’re a Microsoft Windows user and want to include Office 365 logs in your USM Anywhere environment but don’t yet use Azure, you’ll need to sign up for an Azure subscription. The subscription is required to connect to the APIs that access your Office 365 environment.It is not required that you deploy the USM Anywhere Azure Sensor to use the BlueApp for Office 365. You can use any deployed sensor for the BlueApp connection.
If the BlueApp fails and you receive a message informing you that it has not been loaded, please contact LevelBlue Technical Support to solve the problem.
This topic discusses these subtopics:

Related Video Content

To view other related training videos, click here.
I