Skip to main content

Microsoft Office 365 Data Source

The Microsoft Office 365 connector enables you to access Microsoft Graph API endpoints to retrieve user information, service health data, DLP audit logs, and other Office 365 management data. This connector is particularly useful for applications that need to extract user data, monitor service health, analyze security and compliance events, or integrate Office 365 data with other systems. Follow the instructions below to create a new data flow that ingests data from a Microsoft Office 365 source in Nexla.
office_365_api.png

Microsoft Office 365

Create a New Data Flow

  1. To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Then, select the desired flow type from the list, and click the Create button.

  2. Select the Microsoft Office 365 connector tile from the list of available connectors. Then, select the credential that will be used to connect to the Microsoft Office 365 API, and click Next; or, create a new Microsoft Office 365 credential for use in this flow.

  3. In Nexla, Microsoft Office 365 data sources can be created using pre-built endpoint templates, which expedite source setup for common Microsoft Graph API endpoints. Each template is designed specifically for the corresponding Microsoft Graph API endpoint, making source configuration easy and efficient.
    • To configure this source using a template, follow the instructions in Configure Using a Template.

    Microsoft Office 365 sources can also be configured manually, allowing you to ingest data from Microsoft Graph API endpoints not included in the pre-built templates or apply further customizations to exactly suit your needs.
    • To configure this source manually, follow the instructions in Configure Manually.

Configure Using a Template

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Microsoft Graph API endpoints. Each template is designed specifically for the corresponding Microsoft Graph API endpoint, making data source setup easy and efficient.

Endpoint Settings

  • Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.

    Get User (Graph)

    This endpoint retrieves a specific user's profile using their ID or User Principal Name (UPN) via Microsoft Graph API. Use this endpoint when you need to extract user information, get user profiles, or retrieve user details for a specific user.

    • Enter the User ID or User Principal Name (UPN) in the USER_ID_OR_UPN field. This can be either the user's object ID (GUID) or their UPN (e.g., user@domain.com).

    The Get User endpoint uses GET requests to retrieve user profile information from Microsoft Graph API. The endpoint returns user details including display name, email, job title, department, and other user properties. For more information about the Get User endpoint, refer to the Microsoft Graph API Documentation.

    Get Service Health Overview (Graph)

    This endpoint retrieves an overview of the current health status for subscribed services via Microsoft Graph API. Use this endpoint when you need to monitor Office 365 service health, track service status, or integrate service health data with monitoring systems.

    • This endpoint automatically retrieves the current service health overview for all subscribed Office 365 services. No additional configuration is required beyond selecting this endpoint template.

    The Get Service Health Overview endpoint uses GET requests to retrieve service health information from Microsoft Graph API. The endpoint returns health status for various Office 365 services including Exchange Online, SharePoint Online, Teams, and others. For more information about the Get Service Health Overview endpoint, refer to the Microsoft Graph API Documentation.

    List Historical Service Issues (Graph)

    This endpoint retrieves historical service health issues within a specified time range via Microsoft Graph API. Use this endpoint when you need to extract historical service issues, analyze service incidents, or track service health over time.

    • Enter the start time for the time range in ISO 8601 format (e.g., 2024-01-01T00:00:00Z) in the START_TIME field. This specifies the beginning of the time range for retrieving historical service issues.
    • Enter the end time for the time range in ISO 8601 format (e.g., 2024-01-31T23:59:59Z) in the END_TIME field. This specifies the end of the time range for retrieving historical service issues.

    The List Historical Service Issues endpoint uses GET requests with OData filters to retrieve historical service health issues from Microsoft Graph API. The endpoint supports pagination through nextLink and automatically fetches additional pages. For more information about the List Historical Service Issues endpoint, refer to the Microsoft Graph API Documentation.

    Create DLP Audit Log Query (Graph Purview)

    This endpoint starts an asynchronous query for DLP (Data Loss Prevention) audit logs via the Microsoft Graph Purview Audit Search API. Use this endpoint when you need to extract DLP audit logs, analyze data loss prevention events, or integrate compliance data with security systems.

    • Enter the start time for the audit log query in ISO 8601 format (e.g., 2024-01-01T00:00:00Z) in the START_TIME field. This specifies the beginning of the time range for the audit log query.
    • Enter the end time for the audit log query in ISO 8601 format (e.g., 2024-01-31T23:59:59Z) in the END_TIME field. This specifies the end of the time range for the audit log query.

    The Create DLP Audit Log Query endpoint uses a two-step process: first creating an asynchronous query, then retrieving the query results. The endpoint automatically handles both steps and supports pagination through nextLink. For more information about the Create DLP Audit Log Query endpoint, refer to the Microsoft Graph API Documentation.

Endpoint Testing

Once the selected endpoint template has been configured, Nexla can retrieve a sample of the data that will be fetched according to the current settings. This allows users to verify that the source is configured correctly before saving.

  • To test the current endpoint configuration, click the Test button to the right of the endpoint selection menu. Sample data will be fetched & displayed in the Endpoint Test Result panel on the right.

  • If the sample data is not as expected, review the selected endpoint and associated settings, and make any necessary adjustments. Then, click the Test button again, and check the sample data to ensure that the correct information is displayed.

Configure Manually

Microsoft Office 365 data sources can be manually configured to ingest data from any valid Microsoft Graph API endpoint. Manual configuration provides maximum flexibility for accessing endpoints not covered by pre-built templates or when you need custom API configurations.

With manual configuration, you can also create more complex Microsoft Office 365 sources, such as sources that use chained API calls to fetch data from multiple endpoints or sources that require custom authentication headers or request parameters.

API Method

  1. To manually configure this source, select the Advanced tab at the top of the configuration screen.

  2. Select the API method that will be used for calls to the Microsoft Graph API from the Method pulldown menu. The most common methods are:

    • GET: For retrieving data from the API (most Microsoft Graph endpoints use GET)
    • POST: For creating queries or sending data to the API

API Endpoint URL

  1. Enter the URL of the Microsoft Graph API endpoint from which this source will fetch data in the Set API URL field. This should be the complete URL including the protocol (https://) and any required path parameters. Microsoft Graph API endpoints typically follow the pattern https://graph.microsoft.com/v1.0/{resource} or https://graph.microsoft.com/beta/{resource} for beta endpoints.

Ensure the API endpoint URL is correct and accessible with your current credentials. You can test the endpoint using the Test button after configuring the URL. Microsoft Graph API requires OAuth 2.0 authentication with appropriate permissions granted to your Azure AD application.

Path to Data

Optional

If only a subset of the data that will be returned by API endpoint is needed, you can designate the part(s) of the response that should be included in the Nexset(s) produced from this source by specifying the path to the relevant data within the response. This is particularly useful when API responses contain metadata, pagination information, or other data that you don't need for your analysis.

For example, when a request call is used to fetch users or service health data, the API will typically return data along with metadata. By entering the path to the relevant data, you can configure Nexla to extract the specific records you need.

Path to Data is essential when API responses have nested structures. Without specifying the correct path, Nexla might not be able to properly parse and organize your data into usable records. For Microsoft Graph API responses, common paths include $ for the entire response, $.value[*] for arrays of results, or $.value for the value array.

  • To specify which data should be treated as relevant in responses from this source, enter the path to the relevant data in the Set Path to Data in Response field.

    • For responses in JSON format enter the JSON path that points to the object or array that should be treated as relevant data. JSON paths use dot notation (e.g., $.value to access the value array).
    Path to Data Example:

    If the API response is in JSON format and includes a value array that contains the results, the path to the response would be entered as $.value[*].

Autogenerate Path Suggestions

Nexla can also autogenerate data path suggestions based on the response from the API endpoint. These suggested paths can be used as-is or modified to exactly suit your needs.

  • To use this feature, click the Test button next to the Set API URL field to fetch a sample response from the API endpoint. Suggested data paths generated based on the content & format of the response will be displayed in the Suggestions box below the Set Path to Data in Response field.

  • Click on a suggestion to automatically populate the Set Path to Data in Response field with the corresponding path. The populated path can be modified directly within the field if further customization is needed.

Request Headers

Optional

  • If Nexla should include any additional request headers in API calls to this source, enter the headers & corresponding values as comma-separated pairs in the Request Headers field (e.g., header1:value1,header2:value2). Additional headers are often required for API versioning, content type specifications, or custom authentication requirements.

    You do not need to include any headers already present in the credentials. Common headers like Authorization, Content-Type, and Accept are typically handled automatically by Nexla based on your credential configuration. For Microsoft Office 365, the Authorization header with Bearer token is automatically included from your credential.

Endpoint Testing

After configuring all settings for the selected endpoint, Nexla can retrieve a sample of the data that will be fetched according to the current configuration. This allows users to verify that the source is configured correctly before saving.

  • To test the current endpoint configuration, click the Test button to the right of the endpoint selection menu. Sample data will be fetched & displayed in the Endpoint Test Result panel on the right.

  • If the sample data is not as expected, review the selected endpoint and associated settings, and make any necessary adjustments. Then, click the Test button again, and check the sample data to ensure that the correct information is displayed.

Save & Activate the Source

  1. Once all of the relevant steps in the above sections have been completed, click the Create button in the upper right corner of the screen to save and create the new Microsoft Office 365 data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.