Microsoft Office 365 Message Trace

The JSA DSM for Microsoft Office 365 Message Trace collects JSON events from a Microsoft Office 365 Message Trace by using the Office 365 Message Trace API protocol.

To integrate Microsoft Office 365 with JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent version of the following RPMs from https://support.juniper.net/support/downloads/:

    • Microsoft Office Message Trace DSM RPM

    • Protocol Common RPM

    • Office 365 Message Trace API protocol RPM

  2. Add a Microsoft Office 365 Message Trace log source on the JSA Console.

    Tip:

    Basic authorization is the only authentication method that is supported by the Office 365 Message Trace API.

Microsoft Office 365 Message Trace DSM Specifications

When you configure Microsoft Office 365 Message Trace, understanding the specifications for the Microsoft Office 365 Message Trace DSM can help ensure a successful integration. For example, knowing what the supported version of Microsoft Office 365 Message Trace is before you begin can help reduce frustration during the configuration process.

The following table describes the specifications for the Microsoft Office 365 Message Trace DSM.

Table 1: Microsoft Office 365 Message Trace DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| DSM name | Microsoft Office 365 Message Trace |
| RPM file name | DSM-Microsoft Office 365 Message Trace -JSA_version-build_number.noarch.rpm |
| Supported versions | N/A |
| Protocol | Office 365 Message Trace REST API |
| Event format | JSON |
| Recorded event types | Email security threat classification |
| Automatically discovered? | No |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Message trace in the Security & Compliance Center |

Microsoft Office Message Trace REST API Log Source Parameters for Microsoft Office Message Trace

If JSA does not automatically detect the log source, add a Microsoft Office Message Trace log source on the JSA Console by using the Office 365 Message Trace REST API protocol.

When using the Microsoft Office 365 Message Trace REST API protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Microsoft Office 365 Message Trace REST API events from Microsoft Office 365 Message Trace:

Table 2: Microsoft Office 365 Message Trace REST API Log Source Parameters for the Microsoft Office 365 Message Trace DSM

| Parameter | Value |
|---|---|
| Log Source type | Microsoft Office 365 Message Trace |
| Protocol Configuration | Office 365 Message Trace REST API |
| Log Source Identifier | A unique identifier for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Office 365 Message Trace log source that is configured, you might want to identify the first log source as OS365MT1, the second log source as OS365MT2, and the third log source as OS365MT3. |
| Office 365 User Account Email | To authenticate with the Office 365 Message Trace REST API, an Office 365 email account with proper permissions must be provided. |
| Office 365 User Account Password | To authenticate with the Office 365 Message Trace REST API, use the password that is associated with the User Account Email. |

Sample Event Messages

Use this sample event message to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Microsoft Office 365 Message Trace sample message when you use the Office 365 Message Trace REST API protocol

The following sample event message shows that a message was successfully delivered to the intended destination.

{"Organization":"test.oncompany.test","MessageId":"<32A2AAA5SAA4.AAAA00A6A2AA@AA00155AA5A4A6>","Received":"2020-06-02T01:29:06.3627033","SenderAddress":"username@domain.test","RecipientAddress":"testRecep@test.oncompany.test","Subject":"Azure AD Identity Protection Weekly Digest","Status":"Delivered","ToIP":null,"FromIP":"10.10.10.12","Size":76047,"MessageTraceId":"66f62cca-c8ce-4436-f519-08d80694575d","StartDate":"2020-05-31T16:34:00Z","EndDate":"2020-06-02T16:34:00Z","Index":0}

Table 3: Highlighted Fields

| JSA field name | Highlighted payload field name |
|---|---|
| Event ID | Status |
| Username | SenderAddress |
| Source IP | FromIP |
| Destination IP | ToIP |
| Device Time | StartDate |
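
The following Python check is an added example, not part of the Juniper documentation or of JSA itself. It applies the note above (remove carriage return and line feed characters) to the sample event and reads the fields listed in Table 3. The names normalize_payload, extract_highlighted and PASTED_SAMPLE are hypothetical, and the line breaks in the sample are constructed.

```python
import json

# Table 3 on this page: JSA field name -> payload key it is read from.
HIGHLIGHTED_FIELDS = {
    "Event ID": "Status",
    "Username": "SenderAddress",
    "Source IP": "FromIP",
    "Destination IP": "ToIP",
    "Device Time": "StartDate",
}

# Constructed input: the page's sample event, wrapped with CR/LF the way it
# can arrive when copied from a rendered page (one break inside "Subject").
PASTED_SAMPLE = (
    '{"Organization":"test.oncompany.test",\r\n'
    '"MessageId":"<32A2AAA5SAA4.AAAA00A6A2AA@AA00155AA5A4A6>",\r\n'
    '"Received":"2020-06-02T01:29:06.3627033",\r\n'
    '"SenderAddress":"username@domain.test",\r\n'
    '"RecipientAddress":"testRecep@test.oncompany.test",\r\n'
    '"Subject":"Azure AD Identity Protection \r\nWeekly Digest",\r\n'
    '"Status":"Delivered","ToIP":null,"FromIP":"10.10.10.12",\r\n'
    '"Size":76047,"MessageTraceId":"66f62cca-c8ce-4436-f519-08d80694575d",\r\n'
    '"StartDate":"2020-05-31T16:34:00Z","EndDate":"2020-06-02T16:34:00Z",\r\n'
    '"Index":0}'
)


def normalize_payload(text):
    """Drop carriage returns and line feeds, as the page's note instructs."""
    return text.replace("\r", "").replace("\n", "")


def extract_highlighted(text):
    """Return {JSA field: value} for one event, or raise ValueError.

    A JSON null (ToIP in the sample) is kept as None: a key that is present
    but null is not the same as a key that is missing or misspelled.
    """
    try:
        event = json.loads(normalize_payload(text))
    except json.JSONDecodeError as exc:
        raise ValueError(f"payload is not valid JSON: {exc}") from exc
    if not isinstance(event, dict):
        raise ValueError("payload is not a single JSON object")
    missing = [k for k in HIGHLIGHTED_FIELDS.values() if k not in event]
    if missing:
        raise ValueError(f"highlighted keys missing: {missing}")
    return {jsa: event[key] for jsa, key in HIGHLIGHTED_FIELDS.items()}
```

A key that picked up stray spaces during copy and paste (for example `" Status "`) is reported as missing rather than silently yielding an empty Event ID.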