Microsoft 365
Microsoft 365 Integration Guide
Introduction
Microsoft 365 is a suite of productivity tools and cloud-based services developed by Microsoft. It is designed to help individuals, businesses, and organizations collaborate, communicate, and be productive in various ways. This guide walks you through the steps required to integrate Microsoft 365 with Perimeters.
Available Features
Misconfiguration Rules
Identity Rules
User Inventory
Devices Inventory
Shadow Application Inventory
Shadow Application Rules
Prerequisites
A Microsoft 365 Business Basic subscription or higher.
A user account with the Privileged Role Administrator, Global Reader, and Exchange Administrator roles or, alternatively, the Global Administrator role.
Additionally, a Microsoft Teams Essentials subscription.
Required Privileges
For Base Integration
Read directory data
Read Access to Organization Information, Roles, Role Assignments, Devices and Third Party Applications.
Read your organization's policies
Read Access to Organization Policies and Configurations.
Read all users' full profiles
Read Access to Users' Detailed Profiles.
Manage Exchange configuration
Read Access to Organization Exchange Configurations and Settings.
Read Reports
Read Reports
Read directory data
Read Access to Organization Information, Roles and Role Assignments.
Read your organization's policies
Read Access to Organization Policies and Configurations.
Read SharePoint and OneDrive tenant settings
Read Access to Organization SharePoint Configurations and Settings.
Read items in all site collections
Read Access to Organization Sites' Metadata.
Read directory RBAC settings
Read Access to Users' Roles and Access.
Read managed metadata
Read Access to Public Sites' Metadata.
Read and query your audit log activities
Read Access to Organization Audit Logs.
Read directory data
Read Access to Organization Information, Roles, Role Assignments, Devices and Third Party Applications.
Read your organization's policies
Read Access to Organization Policies and Configurations.
Read all users' full profiles
Read Access to Users' Detailed Profiles.
For Emails and File Sharing
Read all audit log data
Allows the app to read and query your audit log activities.
Read audit logs data from OneDrive workload
Read and query audit logs from OneDrive workload
Read audit logs data from SharePoint workload
Read and query audit logs from SharePoint workload
Read directory data
Read Access to Organization Information, Roles, Role Assignments and Third Party Applications.
Read files in all site collections
Read files in all site collections
Read and write files in all site collections
Edit or delete documents and list items in all site collections
Read basic mail in all mailboxes
Read basic mail properties in all mailboxes
Read items in all site collections
Read documents and list items in all site collections
Sign in and read user profile
Sign in and read user profile
For Teams
Access Microsoft Teams and Skype for Business data as the signed in user
Read Access to Microsoft Teams Settings and Configurations.
Read directory data
Read Access to Organization Information, Roles, Role Assignments and Third Party Applications.
Read the names and descriptions of teams
Read Access to Organization Teams.
Read the members of teams
Read Access to Organization Team Members.
Read all users' full profiles
Read Access to Users' Detailed Profiles.
Read and query your audit log activities
Read Access to Organization Audit Logs.
Read Reports
Read Reports
Onboarding Microsoft 365 in your Perimeters account
Go to "Integrations" -> Select "Microsoft 365" -> Click "+ Add" -> Click "+ Start Integration".
Select Services: Please select the services you want to include in this Microsoft 365 integration. The base services Microsoft 365, SharePoint, and Entra are always included.
Select ‘Files and Email scanning’ to enable Perimeters to discover shared files and Shadow Application registrations.
Select ‘Include Teams’ if your Microsoft 365 license includes Teams.
OAuth: For Basic Services, the access grant is a two-step process:
Step 1: Consent to grant access to M365 resources (read Office, SharePoint, and Entra) via Graph API.
Step 2: Consent to grant access to Exchange resources via CLI.
NOTE: If you selected additional services, each of them requires its own OAuth consent.
Click "Finish" to complete the onboarding process.
Once you have completed these steps, Microsoft 365 should be successfully integrated with your Perimeters account.