Configuring BMC Defender Office 365 Adapter

The Office 365 Agent Adapter program requires only limited configuration, usually a one-time configuration of the Messages > Adapters > Office 365 parameters. Configuration of the parameters requires a BMC Admin type of log on. The BMC administrator accesses the Messages > Adapters > Office 365 tab (added to the system using the installation procedure of the previous section) and then clicks Edit to access the parameters. The operator then enters the required parameters, clicks Save, and then restarts the agent using the Restart Agent Process link.

Any errors encountered prevent parameters from being saved. Additionally, once the agent is started, the administrator can view the CO-o365.exe process error log, and the SIEM agent Java debug log.

Note

To configure, the agent requires:

  1. Knowledge of the path-name to the Java.exe program, part of the Oracle JRE on the platform;
  2. Knowledge of the Microsoft SIEM Agent Jar file, downloaded during the installation procedure, and;
  3. The Security token for the m.

This section provides additional operational and application notes on how to use the Office 365 Agent Adapter, including special caveats and operating examples.

Following is the summary of this section and additional notes: 

  • The CO-o365.exe program is configured using a special screen available to administrators. This screen is found in the Messages > Adapters tab of the system. 
  • Configuration items for the CO-o365.exe process include the location of the Java.exe program, the name of the Microsoft SIEM Agent jar file, and a Security Token.
  • The Security Token value can either be Not Configured or Configured. For the agent start, the Security Token should be Configured.
  • The Security Token is encrypted on the disk and is not recoverable by end users. The operator should copy and paste this long random value (acquired from Microsoft Cloud App Security Portal) into the system.
  • The CO-o365.exe program includes a detailed log file, viewable using the View Process Log link at the top of the screen. 

Note

After making any changes to the configuration parameters, you must click the Restart Agent Process to apply the changes. The Microsoft SIEM Agent program reads changes only when it starts. Failure to restart the agent after making changes is a common mistake.

This section provides information about the following topics:

Related topics

BMC-Defender-Office-365-adapter-deprecated

Installing-BMC-Defender-Office-365-adapter


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*