#11810 Enabling Agentless for Office 365 (#13243)

qcorporation · flexitrev · commit d2d9ec3012e9 · 2025-03-28T14:53:59.000-04:00
* Enable agentless configuration
diff --git a/packages/o365/_dev/build/docs/README.md b/packages/o365/_dev/build/docs/README.md
@@ -21,6 +21,14 @@ Once the application is registered, configure and/or note the following to setup
     - If `User.Read` permission under `Microsoft.Graph` tile is not added by default, add this permission.
     - After the permissions are added, the admin has to grant consent for these permissions.
 
+### Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent and Agentless Setup
+
 Once the secret is created and permissions are granted by admin, setup Elastic Agent's Microsoft O365 integration:
 - Click `Add Microsoft Office 365`.
 - Enable `Collect Office 365 audit logs via Management Activity API using CEL Input`.
diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.12.0"
+  changes:
+    - description: Enable Agentless deployments and updated default.yml to use package-spec 3.2.3.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13243
 - version: "2.11.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.
diff --git a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -6,6 +6,11 @@ processors:
       target_field: event.original
       if: ctx.event?.original == null
       ignore_missing: true
+  - remove:
+      field: message
+      ignore_missing: true
+      if: 'ctx.event?.original != null'
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - set:
       field: event.original
       value: "{{{o365audit}}}"
diff --git a/packages/o365/docs/README.md b/packages/o365/docs/README.md
@@ -21,6 +21,14 @@ Once the application is registered, configure and/or note the following to setup
     - If `User.Read` permission under `Microsoft.Graph` tile is not added by default, add this permission.
     - After the permissions are added, the admin has to grant consent for these permissions.
 
+### Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent and Agentless Setup
+
 Once the secret is created and permissions are granted by admin, setup Elastic Agent's Microsoft O365 integration:
 - Click `Add Microsoft Office 365`.
 - Enable `Collect Office 365 audit logs via Management Activity API using CEL Input`.
diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml
@@ -1,13 +1,13 @@
 name: o365
 title: Microsoft Office 365
-version: "2.11.0"
+version: "2.12.0"
 description: Collect logs from Microsoft Office 365 with Elastic Agent.
 type: integration
-format_version: "3.0.2"
+format_version: "3.2.3"
 categories: [security, productivity_security]
 conditions:
   kibana:
-    version: "^8.13.0 || ^9.0.0"
+    version: "^8.18.0 || ^9.0.0"
 icons:
   - src: /img/logo-integrations-microsoft-365.svg
     title: Microsoft Office 365
@@ -26,6 +26,14 @@ policy_templates:
   - name: o365
     title: Office 365 logs
     description: Collect logs from Office 365
+    deployment_modes: 
+      default:
+        enabled: true 
+      agentless:
+        enabled: true
+        organization: security
+        division: engineering
+        team: security-service-integrations
     inputs:
       - type: o365audit
         title: "Collect Office 365 audit logs - Deprecated. Please disable this and use the CEL input instead."
