Office 365 Uh

Posted on by



Ask Us, University of Hawaii System. This is the master list of ITS supported software for Windows and Mac operating systems. ITS provides full technical support for the software and operating systems on the master list, unless otherwise marked (. = limited support). ITS provides 'best effort' support for software and operating systems not on the supported software list. Microsoft Stream Video Permissions; How to Prevent Students Sending Spam in MS Outlook. Instruction is devoted to offering UH instructors the latest in educational technology and instructional design thinking and showcases much of the fine work of the UH faculty in these areas. We have also put together quick tutorials to help. Information Technology Services (ITS) has established a licensing agreement under the Microsoft Academic Select Program for all University of Hawaiʻi (UH) Departments. This program provides perpetual licenses at volume pricing for a variety of Microsoft products. Purchases through this program can be made ONLY by UH Departmental payments. Get started with Office 365 for free. Students and educators at eligible institutions can sign up for Office 365 Education for free, including Word, Excel, PowerPoint, OneNote, and now Microsoft Teams, plus additional classroom tools. Use your valid school email address to get started today. If you have any general questions regarding the Office 365 for Education program at UH, please contact the Site License Administrator at (808) 956-5783 or sladmin@hawaii.edu.

Microsoft Software

If you are part of the University of Hawaii and would like to purchase software using personal funds, you have a few options:
  • University of Hawaii Bookstore
    • Microsoft Office 365 University (4-Year Subscription for $79.95)
    • Microsoft Office for Mac 2011 Home & Student (Perpetual License for $139.95)
    • Microsoft Office 2013 Home & Student versions (Perpetual License for $139.95)
    • Microsoft Windows 8 Professional Upgrade (Perpetual License for $199.00)

Office 365 Education for Students

If you are an active faculty, staff or student at Honolulu Community College, Leeward Community College or Windward Community College, you may be eligible for the free Microsoft Office 365. Please visit the Office 365 at UH page for more details.

Open Source Alternatives to Microsoft Office

A list of open source alternatives to Microsoft Office is available here:

Note: Update 6/8/2020. The Office 365 management API changed the status code of some of the endpoints and the integration script had to be properly updated.

Microsoft provides a single pane of glass for all Office 365 tasks through the Office 365 management APIs. This includes service communications, security, compliance, reporting and auditing related events.

Wazuh can help you get insight into this vast array of information by ingesting it and alerting based on custom rules.

Register your app

To authenticate with the Microsoft identity platform endpoint you need to register an app in your Microsoft Azure portal app registrations section. Once there click on New registration:

Fill in the name of your app, choose the desired account type and click on the Register button:

Microsoft

The app is now registered and you can see information about it in its overview section:

Take note of the tenant and client IDs as you will use them later on.

Certificates & secrets

You can generate a password to use during the authentication process. Go to Certificates & secrets and click on New client secret:

Note: Make sure you write it down because the UI won’t let you copy it afterwards.

API permissions

The application needs specific API permissions to be able to request the Office 365 activity events. In this case you are looking for permissions related to the https://manage.office.com resource.

To configure the application permissions go to the API permissions page, choose Add a permission, then select the Office 365 Management APIs and click on Application permissions:

You need to add the following permissions under the ActivityFeed group:

Office 365 Uhn

  • ActivityFeed.Read. Read activity data for your organization.
  • ActivityFeed.ReadDlp. Read DLP policy events including detected sensitive data.

Content types

The Office 365 management activity API aggregates actions and events into tenant-specific content blobs. There are five categories depending on the type and source of the content:

  • Audit.AzureActiveDirectory. User identity management.
  • Audit.Exchange. Mail and calendaring server.
  • Audit.SharePoint. Web-based collaborative platform.
  • Audit.General. Includes all other workloads not included in the previous content types.
  • DLP.All. Data loss prevention workloads.

You can find more details about the events and their properties associated with these here.

Fetching the events

The following script takes care of enabling and collecting Office 365 content type subscriptions. It is designed to run on the Wazuh manager without you needing to install any dependency in it:

Script usage

These are the parameters you can/need to pass to the script:

  • tenantId. Your globally unique AAD identifier. Required.
  • clientId. Your application identifier. Required.
  • clientSecret. Password to authenticate the application. Required.
  • contentTypes. Space separated list with the content types that you want to list events for. Required.
  • hours. Time range to search events for. Max 24h. Required.
  • debug. Debug flag for the script. Optional.

And this is an execution example:

Script overview

The first step is to request a token from the Microsoft identity platform for accessing the https://manage.office.com resource:

Then it starts/stops the content type subscriptions specified in the parameters:

After that it lists every subscription event and sends them to the Wazuh manager via socket:

Wazuh manager configuration

Script execution

University of houston 360

Office 365 Uhcl

You can configure the Wazuh manager to schedule commands and scripts by using the command module. You will use it to run the previous script on an interval basis.

For that you need to add the following configuration block in your /var/ossec/etc/ossec.conf file (don’t forget to restart the Wazuh manager afterwards):

Note: Modify the script parameters with your credentials, content types and time range options.

You can read more about scheduling commands here.

Rules

Office 365 logs conform to the JSON schema and Wazuh will automatically decode them. For more information please refer to Wazuh JSON decoder.

This is a generic rule that will trigger an alert regardless of the event type. Place it in your Wazuh manager /var/ossec/etc/rules/ folder:

Don’t forget to restart the Wazuh manager afterwards.

Use cases

Microsoft

Azure Active Directory logins

This is a sample alert for a UserLoggedIn operation:

Sharepoint file access

This other alert represents a FileAccessed event from a Microsoft Excel file:

Exchange mailbox operation

Here you can see a New-Mailbox alert from Microsoft Exchange:

Sample dashboard

You can easily build custom visualizations and dashboards from these alerts by taking advantage of Kibana capabilities:

Read more about building dashboards here.

References

If you have any questions about this, join our community. Our team and contributors will help you.