# Microsoft 365

## Microsoft 365: Turning on Audit Logs

Learn how to turn on M365 Audit Logs—they’re not on by default!

Before you can onboard Microsoft 365 as a data source in Turngate, you must first enable audit logging (per the [instructions on Microsoft’s Support site](https://learn.microsoft.com/en-us/purview/audit-log-enable-disable)). Audit logging is a special type of customization and by default M365 tenants can’t change this setting without doing some other work first.

{% hint style="info" %}
If you are getting the error: "Microsoft.Exchange.Configuration.Tasks.InvalidOperation|nDehydratedContextException The command you tried to run isn't currently allowed in your organization. To run this command, you first need to run the command: Enable-OrganizationCustomization" its likely because you are trying to access Audit Logs and haven't yet completed these steps.
{% endhint %}

The fancy term for what’s required is “Enabling Organization Customization.” Or more specifically, you need to run `Enable-OrganizationCustomization` via PowerShell in your M365 Tenant.

First, see if your tenant has customization enabled. In PowerShell, run the following command:

```powershell
Get-OrganizationConfig | FL isDehydrated
```

If the result is “True” then customization is not enabled. If the result is “False” then you’re good to go and can stop reading here.

If you need to enable customization, run the following command in PowerShell:

```powershell
Enable-OrganizationCustomization
```

Then, to verify Customization is enabled, re-run:

```powershell
Get-OrganizationConfig | FL isDehydrated
```

{% hint style="info" %}
NOTE: it may take up to 30 minutes for this change to take effect. So, maybe step out for a coffee or patch some systems and then check again to see if the change took.
{% endhint %}

Now you can turn on audit logs. Be aware that turning on the logs can also have a delay, and logs are only captured from the time you turn them on; there are no logs available prior to flipping the log switch.

## Microsoft 365: App Permissions

Set the correct permissions on your App Registration.

Setting the correct permissions to ensure Turngate can access both your user accounts (to link activities to Actors) as well as the Activity records themselves. The API Permissions in the App Registration should look like the below image:

<figure><img src="/files/PnxqG65ZM7g2sVihsYZN" alt=""><figcaption></figcaption></figure>

### Other Resources

Event Types — [Audit Log Activities](https://learn.microsoft.com/en-us/purview/audit-log-activities)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://support.turngate.io/setup/integrations/microsoft-365.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.