# Microsoft 365

## Introduction

Microsoft 365 is a suite of productivity tools and cloud-based services developed by Microsoft. It is designed to help individuals, businesses, and organizations collaborate, communicate, and be productive in various ways. This guide walks you through the steps required to integrate Microsoft 365 with Perimeters.

## Available Features

* Misconfiguration Rules
* Identity Rules
* User Inventory
* Devices Inventory
* Shadow Application Inventory
* Shadow Application Rules

## Prerequisites

* A Microsoft 365 Business Basic subscription or higher.
* User Account Role Requirements: Global Reader, Privileged Role Administrator, Exchange Administrator, and application-specific administrator roles (e.g., Teams Administrator for Teams onboarding, SharePoint Administrator for SharePoint onboarding). Alternatively, the Global Administrator role can be used in place of all other roles.

Additionally, a Microsoft Teams Essentials subscription.

<details>

<summary>Follow these steps to assign roles to the user account:</summary>

1. Log in to <https://entra.microsoft.com/>
2. Go to 'Users' → click the user you want to assign the role to → 'Assigned roles' → click 'Add assignments'.
3. Select a role (e.g., Global Administrator) → click **Next**.
4. Select 'Assignment type' → Active, fill in the other details → **Assign**.

</details>

## Required Privileges

#### For Base Integration

| Scopes                                       | Use                                                                     |
| -------------------------------------------- | ----------------------------------------------------------------------- |
| Mail.ReadBasic.All                           | Read Email Basic Information for All Mailboxes                          |
| Mail.ReadBasic                               | Read Email Basic Information                                            |
| Files.ReadWrite.All                          | Read Data Basic Information for All Users and Sites                     |
| AuditLogsQuery-SharePoint.Read.All           | Read Data Activity                                                      |
| AuditLogsQuery-OneDrive.Read.All             | Read Data Activity                                                      |
| Exchange.Manage                              | Read Exchange, Threat, Data Loss Prevention Policies and Configurations |
| User.Read.All                                | Read All User Profiles                                                  |
| Read SharePoint and OneDrive tenant settings | Read Access to Organization SharePoint Configurations and Settings.     |
| TeamMember.Read.All                          | Read Team Membership Details                                            |
| Team.ReadBasic.All                           | Read All Teams' Basic Information                                       |
| Sites.Read.All                               | Read All Site Collections                                               |
| RoleManagement.Read.Directory                | Read Roles and Role Assignments                                         |
| SharePointTenantSettings.Read.All            | Read SharePoint and OneDrive Configurations                             |
| Reports.Read.All                             | Read Usage Reports                                                      |
| Policy.Read.All                              | Read All Policies                                                       |
| Directory.Read.All                           | Read Directory Information                                              |
| DelegatedPermissionGrant.ReadWrite.All       | Read Permission Grants and Granted Scopes                               |
| AuditLog.Read.All                            | Read Activity Logs                                                      |

#### For SharePoint

| Scopes                                       | Use                                                                                            |
| -------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| Read and query your audit log activities     | Read Access to Organization Audit Logs                                                         |
| Read directory data                          | Read Access to Organization Information, Roles and Role Assignments.                           |
| Read SharePoint and OneDrive tenant settings | Read Access to Organization SharePoint Configurations and Settings.                            |
| Read directory data                          | Read Access to Organization Information, Roles, Role Assignments and Third Party Applications. |
| Read items in all site collections           | Read Access to Organization Sites' Metadata.                                                   |
| Read directory RBAC settings                 | Read Access to Users' Roles and Access.                                                        |
| Read managed metadata                        | Read Access to Public Sites' Metadata.                                                         |

#### For Entra

| Scopes                                   | Use                                                                                                       |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------- |
| Read directory data                      | Read Access to Organization Information, Roles, Role Assignments, Devices and Third Party Applications.   |
| Read your organization's policies        | Read Access to Organization Policies and Configurations.                                                  |
| Read the names and descriptions of teams | Read Access to Organization Teams.                                                                        |
| Read all users' full profiles            | Read Access to Users' Detailed Profiles.                                                                  |
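Before consenting, it is worth confirming that the account you sign in with carries exactly the Base Integration scopes listed above and nothing more. The following is an added example (not part of the Perimeters documentation or product) that decodes the claims of a Microsoft Graph access token and diffs them against that table; it assumes the token is one you already hold, lists only the Graph scope names from the table (Exchange.Manage is issued for the Exchange Online resource, not Graph, so it is omitted), and uses a constructed sample token.

```python
import base64
import json

# Microsoft Graph delegated scopes copied from the Base Integration table.
REQUIRED_SCOPES = {
    "Mail.ReadBasic.All", "Mail.ReadBasic", "Files.ReadWrite.All",
    "AuditLogsQuery-SharePoint.Read.All", "AuditLogsQuery-OneDrive.Read.All",
    "User.Read.All", "TeamMember.Read.All", "Team.ReadBasic.All",
    "Sites.Read.All", "RoleManagement.Read.Directory",
    "SharePointTenantSettings.Read.All", "Reports.Read.All", "Policy.Read.All",
    "Directory.Read.All", "DelegatedPermissionGrant.ReadWrite.All",
    "AuditLog.Read.All",
}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_scopes(token: str) -> set:
    """Return the permissions carried in an access token's claims.

    Delegated permissions are the space-separated 'scp' claim; application
    permissions are the 'roles' array. The signature is NOT verified: this is
    local inspection of a token you already hold, not authentication.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    scopes = set(claims.get("scp", "").split())
    scopes.update(claims.get("roles", []))
    return scopes

def audit_scopes(token: str, required: set = REQUIRED_SCOPES) -> dict:
    """'missing' scopes will make the integration fail; 'excess' scopes are
    over-privilege to review before granting consent."""
    granted = token_scopes(token)
    return {"missing": sorted(required - granted),
            "excess": sorted(granted - required)}

def _make_token(claims: dict) -> str:
    # Constructed, unsigned sample token for offline demonstration only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

SAMPLE_TOKEN = _make_token({"aud": "https://graph.microsoft.com",
                            "scp": "User.Read.All Directory.Read.All Mail.ReadWrite"})
```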

### Step 1: Select Services

Begin by selecting the services you want to include:

1. Base Services (Mandatory)\
   Includes Microsoft 365, SharePoint, and Entra ID.
2. Files and Email scanning (Optional)\
   Allows deeper insights into organizational data.
3. Include Teams (Optional)\
   Enable this to integrate Microsoft Teams.

### Step 2: Base Integration – Entra ID (Azure Active Directory)

Authenticate and authorise Entra ID (formerly Azure AD):

* Click "Sign In With Microsoft 365" and log in with a user that has the privileges listed above under Prerequisites.
* Review and grant permissions on the Microsoft Consent screen.
* A successful connection will show Connection Status: Success.

### Step 3: Base Integration – Exchange

This completes access to core Microsoft 365 services:

* Click on "Sign In With Microsoft 365" and authenticate using the same admin account.
* Grant the requested Exchange permissions.
* A successful connection will show Connection Status: Success.

### Conditional Step: Read Emails and Files

This step is shown only if "Files and Email scanning" was selected in Step 1.

* Click on "Sign In With Microsoft 365" and authenticate using the same admin account.
* Review and approve the email and file access permissions.
* This step allows the tool to detect shadow apps and risky file/email permissions.

### Conditional Step: Microsoft Teams OAuth

This step is shown only if "Include Teams" was selected in Step 1.

* Click on "Sign In With Microsoft 365" and authenticate using the same admin account.
* Grant the requested Teams permissions.
* This enables Teams data access for security monitoring.

### Final Step: Complete Integration

Once all steps are completed, click Finish to finalize the integration.

Your Microsoft 365 environment will be successfully connected and will be continuously monitored by the platform.


