Just wondering if the integration with O365 in this scenario will work.
There’s one Office365, within that O365, they got like multiple domains (domain1.com, domain2.com)
Now, 2 organization is using that Office365.
Org A has their own InsightIDR instance owning domain1.com in O365
Org B has their own InsightIDR instance too owning domain2.com.
In terms of integrating the Office365 as event source with their InsightIDR, will that actually work if both of them (the Organizations) have integrated it as event source?
if both InsightIDR orgs point to the one O365 tenant then both will receive the same information, there is no way to filter the results received from the O365 tenant prior to configuring the event source.
Thanks for the information. Am making sure this is plausible as I actually tried it already just that there is no logs presented in the second integration whereas the first one was able to get the logs.
It’s possible there is a configuration or connectivity issue, one thing I’d recommend is ensuring you perform the setup in a new browser session, as sometimes if you try to configure the event source in a browser with an active O365 session it says the setup was successful, but the OAUTH token and handshake doesn’t actually work.