Microsoft 365
Microsoft 365: Turning on Audit Logs
Learn how to turn on M365 Audit Logs—they’re not on by default!
Before you can onboard Microsoft 365 as a data source in Turngate, you must first enable audit logging (per the instructions on Microsoft’s Support site). Audit logging is a special type of customization and by default M365 tenants can’t change this setting without doing some other work first.
The fancy term for what’s required is “Enabling Organization Customization.” Or more specifically, you need to run Enable-OrganizationCustomization via PowerShell in your M365 Tenant.
First, see if your tenant has customization enabled. In PowerShell, run the following command:
Get-OrganizationConfig | FL isDehydratedIf the result is “True” then customization is not enabled. If the result is “False” then you’re good to go and can stop reading here.
If you need to enable customization, run the following command in PowerShell:
Enable-OrganizationCustomizationThen, to verify Customization is enabled, re-run:
Get-OrganizationConfig | FL isDehydratedNow you can turn on audit logs. Be aware that turning on the logs can also have a delay, and logs are only captured from the time you turn them on; there are no logs available prior to flipping the log switch.
Microsoft 365: App Permissions
Set the correct permissions on your App Registration.
Setting the correct permissions to ensure Turngate can access both your user accounts (to link activities to Actors) as well as the Activity records themselves. The API Permissions in the App Registration should look like the below image:
Other Resources
Event Types — Audit Log Activities
Last updated