Configuration: Add a Tenant

---

Add a Tenant to Cayosoft Guardian

Adding your Azure/Office 365 cloud tenant immediately enables change monitoring and data backup for continuous protection against unwanted changes.

Create an Azure AD/Office 365 Connection Account

• Make this Connection Account a member of the Global Administrators role
• Add an office 365 license to this account if the account will need to send alerts through Microsoft Teams or Microsoft Exchange.

Add an Azure AD/Office 365 Tenant

1. Sign-in to Cayosoft Guardian using your Guardian Global Admin account (The person who installs the product automatically becomes a Guardian Global Admin.)
2. To add Azure/Office 365 tenant click Add tenant in Azure AD \ Office 365 section in the Dashboard:
   
   
   
   
3. In New Office 365 Tenant wizard specify the Office 365 account to connect to Office 365 

   Office 365 connection account should hold the Global Admin Role in the target Office 365  / Azure AD tenant and must be a cloud-only account, i.e. not synchronized with on-premises Active Directory.
   
   
   If you want to use legacy authentication, see step-by-step procedure in the section provided below.

4. Click Next
   
   
5. To access a tenant, the Cayosoft Guardian Connection Account must be granted the administrator consent. Click Grant: 
   
   
6. The web browser will open and you will need to sign-in with the Guardian Connection Account. 
   1. In browser specify the password for Azure AD/Office 365 Guardian Connection Account and click Sign-in
   2. Click Accept 
   3. In New Office 365 Tenant wizard, verify that Consent status changed to Granted
   4. Click Next 
7. When using modern authentication, Cayosoft Guardian also requires administrator consent to access Exchange Online:
   
    Click Get Code to obtain one-time code
   1. Click Copy button to copy one-time code into the clipboard
   2. Click Sign-in and paste the code to the browser window
   3. Click Next
   4. When prompted on the sign-in form, specify the Guardian Connection Account and its password  
   5. In Add tenant wizard verify that State changed to Success : 
      
      
   6. Click Next
8. Verify that the tenant was successfully added and click Close

As a result, this new tenant will appear in your list of managed tenants in Azure AD \ Office 365 section in the Dashboard.

Two jobs will be configured: 'Default Azure AD Backup Job' and 'Default Audit Job'. By default, jobs are configured in continuous run mode. In case you need to run jobs at specific time, you can modify job settings under the Jobs node. Once the job completes the initial data collection, it would start to collect change records on each run. Navigate to Change History node to see what was changed in your tenant.

 

Adding managed tenant using legacy authentication method

1. For legacy authentication click Use legacy authentication (password flow), specify Account password and click Next: 
   
   
2. To access a tenant, Guardian must be granted admin consent. Click Grant: 
   
   
3. In browser specify the password for Office 365 account and click Sign-in
4. Click Accept 
5. In New Office 365 Tenant wizard verify that Consent status is Granted now
6. Click Next
7. Verify that the tenant was successfully added and click Close.