Click Install a New Tenant. This directs you to login to your Microsoft 365 account for authorization. You must login with an admin account.
Optionally add comma separated custom tags that get attached to every log for this newly setup tenant, for e.g environment:prod,team:us. These tags can be used to filter/analyze logs.
Note: Your organization must have audit logging enabled to use Datadog audit logging.
Data Collected
Logs
The Microsoft 365 integration produces one log event per audit log. Collected logs are tagged with the source microsoft-365.
Troubleshooting
Datadog’s log intake only supports backdating log events up to 18 hours in the past. Log events with an earlier timestamp are discarded.
Datadog does not support GCC government, GCC High government, or DoD tenants, because they require different Microsoft endpoints.