Microsoft 365

Microsoft 365 Integration Guide

Introduction

Microsoft 365 is a suite of productivity tools and cloud-based services developed by Microsoft, designed to help individuals, businesses, and organizations collaborate, communicate, and be productive. This guide walks you through the steps required to integrate Microsoft 365 with Perimeters.

Available Features

  • Misconfiguration Rules

  • Identity Rules

  • User Inventory

  • Devices Inventory

  • Shadow Application Inventory

  • Shadow Application Rules

Prerequisites

  • A Microsoft 365 Business Basic subscription or higher.

  • User Account Role Requirements: Global Reader, Privileged Role Administrator, Exchange Administrator, and application-specific administrator roles (e.g., Teams Administrator for Teams onboarding, SharePoint Administrator for SharePoint onboarding). Alternatively, the Global Administrator role can be used in place of all other roles.

Additionally, a Microsoft Teams Essentials subscription is required.

Follow these steps to assign roles to the user account:
  1. Go to 'Users' → click the user you want to assign the role to → 'Assigned roles' → click 'Add assignments'.

  2. Select a role (e.g., Global Administrator) → click 'Next'.

  3. Select 'Assignment type' → 'Active', fill in the other details → 'Assign'.

Required Privileges

For Base Integration

| Scopes | Use |
| --- | --- |
| Mail.ReadBasic.All | Read Email Basic Information for All Mailboxes |
| Mail.ReadBasic | Read Email Basic Information |
| Files.ReadWrite.All | Read Data Basic Information for All Users and Sites |
| AuditLogsQuery-SharePoint.Read.All | Read Data Activity |
| AuditLogsQuery-OneDrive.Read.All | Read Data Activity |
| Exchange.Manage | Read Exchange, Threat, Data Loss Prevention Policies and Configurations |
| User.Read.All | Read All User Profiles |
| Read SharePoint and OneDrive tenant settings | Read Access to Organization SharePoint Configurations and Settings. |
| TeamMember.Read.All | Read Team Membership Details |
| Team.ReadBasic.All | Read All Teams' Basic Information |
| Sites.Read.All | Read All Site Collections |
| RoleManagement.Read.Directory | Read Roles and Role Assignments |
| SharePointTenantSettings.Read.All | Read SharePoint and OneDrive Configurations |
| Reports.Read.All | Read Usage Reports |
| Policy.Read.All | Read All Policies |
| Directory.Read.All | Read Directory Information |
| DelegatedPermissionGrant.ReadWrite.All | Read Permission Grants and Granted Scopes |
| AuditLog.Read.All | Read Activity Logs |

Note: Files.ReadWrite.All and DelegatedPermissionGrant.ReadWrite.All are read-write scopes, and Exchange.Manage is a management scope, so the consent grants more than the read use listed for them.

SharePoint

| Scopes | Use |
| --- | --- |
| Read and query your audit log activities | Read Access to Organization Audit Logs |
| Read directory data | Read Access to Organization Information, Roles and Role Assignments. |
| Read SharePoint and OneDrive tenant settings | Read Access to Organization SharePoint Configurations and Settings. |
| Read directory data | Read Access to Organization Information, Roles, Role Assignments and Third Party Applications. |
| Read items in all site collections | Read Access to Organization Sites' Metadata. |
| Read directory RBAC settings | Read Access to Users' Roles and Access. |
| Read managed metadata | Read Access to Public Sites' Metadata. |

For Entra

| Scopes | Use |
| --- | --- |
| Read directory data | Read Access to Organization Information, Roles, Role Assignments, Devices and Third Party Applications. |
| Read your organization's policies | Read Access to Organization Policies and Configurations. |
| Read the names and descriptions of teams | Read Access to Organization Teams. |
| Read all users' full profiles | Read Access to Users' Detailed Profiles. |

Step 1: Select Services

Begin by selecting the services you want to include:

1) Base Services (Mandatory): Includes Microsoft 365, SharePoint, and Entra ID.

2) Files and Email scanning (Optional): Allows deeper insights into organizational data.

3) Include Teams (Optional): Enable this to integrate Microsoft Teams.

Step 2: Base Integration – Entra ID (Azure Active Directory)

Authenticate and authorise Entra ID (formerly Azure AD):

  • Click on "Sign In With Microsoft 365" and log in with a user that has the privileges listed under Prerequisites.

  • Review and grant permissions on the Microsoft Consent screen.

  • A successful connection will show Connection Status: Success.

Step 3: Base Integration – Exchange

This completes access to core Microsoft 365 services:

  • Click on "Sign In With Microsoft 365" and authenticate using the same admin account.

  • Grant the requested Exchange permissions.

  • A successful connection will show Connection Status: Success.

Conditional Step: Read Emails and Files

This step is shown only if "Files and Email scanning" was selected in Step 1.

  • Click on "Sign In With Microsoft 365" and authenticate using the same admin account.

  • Review and approve the email and file access permissions.

  • This step allows the tool to detect shadow apps and risky file/email permissions.

Conditional Step: Microsoft Teams OAuth

This step is shown only if "Include Teams" was selected in Step 1.

  • Click on "Sign In With Microsoft 365" and authenticate using the same admin account.

  • Grant the requested Teams permissions.

  • This enables Teams data access for security monitoring.

Final Step: Complete Integration

Once all steps are completed, click Finish to finalize the integration.

Your Microsoft 365 environment will be successfully connected and will be continuously monitored by the platform.
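A post-consent check, added here as an example (not code from Perimeters or Microsoft): it compares the delegated scopes in a Microsoft Graph oauth2PermissionGrants response with the Base Integration scopes listed under Required Privileges and reports extra, write-capable and tenant-wide grants. The service principal IDs and the sample response are constructed, the write-segment list is a heuristic, and application permissions (app role assignments) are not covered.

```python
# Scopes listed in this guide under "Required Privileges > For Base Integration".
DOCUMENTED = {
    "Mail.ReadBasic.All", "Mail.ReadBasic", "Files.ReadWrite.All", "Exchange.Manage",
    "AuditLogsQuery-SharePoint.Read.All", "AuditLogsQuery-OneDrive.Read.All",
    "User.Read.All", "TeamMember.Read.All", "Team.ReadBasic.All", "Sites.Read.All",
    "RoleManagement.Read.Directory", "SharePointTenantSettings.Read.All",
    "Reports.Read.All", "Policy.Read.All", "Directory.Read.All",
    "DelegatedPermissionGrant.ReadWrite.All", "AuditLog.Read.All",
}
# Heuristic (assumption): name segments that indicate more than read access.
WRITE_SEGMENTS = {"ReadWrite", "Write", "Manage", "FullControl", "Send"}


def is_write_capable(scope):
    """Match whole dot-separated segments so 'RoleManagement' is not read as 'Manage'."""
    return any(part in WRITE_SEGMENTS for part in scope.split("."))


def audit_grants(response, client_id):
    """Summarise the delegated grants held by one service principal (client_id)."""
    granted, tenant_wide = set(), set()
    for grant in response.get("value", []):
        if grant.get("clientId") != client_id:
            continue
        # The 'scope' property is a single space-separated string.
        scopes = set((grant.get("scope") or "").split())
        granted |= scopes
        if grant.get("consentType") == "AllPrincipals":  # consented for every user
            tenant_wide |= scopes
    return {
        "unexpected": sorted(granted - DOCUMENTED),
        "not_granted": sorted(DOCUMENTED - granted),
        "write_capable": sorted(s for s in granted if is_write_capable(s)),
        "tenant_wide": sorted(tenant_wide),
    }


# Constructed sample shaped like a GET /oauth2PermissionGrants response.
SAMPLE = {"value": [
    {"clientId": "sp-integration", "consentType": "AllPrincipals", "resourceId": "sp-graph",
     "scope": "Directory.Read.All User.Read.All Files.ReadWrite.All Mail.Send"},
    {"clientId": "sp-integration", "consentType": "Principal", "resourceId": "sp-exchange",
     "scope": "Exchange.Manage"},
    {"clientId": "sp-other-app", "consentType": "Principal", "resourceId": "sp-graph",
     "scope": "User.Read"},
]}

if __name__ == "__main__":
    for key, scopes in audit_grants(SAMPLE, "sp-integration").items():
        print(f"{key}: {', '.join(scopes) or '-'}")
```

Anything under "unexpected" was granted but is not in the guide's Base Integration list and is worth reviewing before leaving the integration in place.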
