Microsoft 365 Integration
Connect your Microsoft 365 tenant to Securtea
Microsoft 365 Integration
The Microsoft 365 integration is the foundation of Securtea. It connects to your M365 tenant via Microsoft Graph API to monitor security configurations and compliance.
Overview
What It Enables
With Microsoft 365 connected, you can:
- Run compliance assessments
- Monitor configuration drift
- Backup M365 configurations
- Track Secure Score
- Collect compliance evidence
How It Works
Securtea connects via:
- Azure App Registration - Your application identity in Entra ID
- Microsoft Graph API - Microsoft's unified API
- Application Permissions - Read-only access to configurations
Connection Status
Viewing Connection
Go to Settings > Integrations > Microsoft 365:
| Field | Description |
|---|---|
| Status | Connected or not |
| Tenant ID | Your M365 tenant |
| Client ID | App registration ID |
| Last Sync | Recent data fetch |
| Health | Connection health |
Health Indicators
| Status | Meaning |
|---|---|
| Connected | Working normally |
| Authentication Error | Credentials issue |
| Permission Error | Missing permissions |
| Service Error | Microsoft service issue |
Setup Requirements
Prerequisites
Before connecting:
- Azure Portal access (admin)
- Global Admin or Application Admin role
- Your M365 tenant details
What You'll Create
The setup creates:
- App registration in your Entra ID
- Client secret for authentication
- API permission grants
Managing Connection
Testing Connection
Verify the connection is working:
- Go to Microsoft 365 integration
- Click Test Connection
- View test results
Tests verify:
- Authentication succeeds
- Permissions are granted
- API calls work
Updating Credentials
To update client secret:
- Generate new secret in Azure Portal
- Go to Microsoft 365 settings
- Click Update Credentials
- Enter new client secret
- Save and test
Refreshing Connection
Force a data refresh:
- Go to Microsoft 365 integration
- Click Refresh Data
- Latest data fetched immediately
Data Access
What Securtea Reads
With this integration, Securtea reads:
| Category | Data |
|---|---|
| Users | Profile info, MFA status |
| Groups | Settings, membership |
| Policies | Conditional Access, security |
| Flow rules, protection settings | |
| SharePoint | Tenant settings, sharing |
| Secure Score | Current score, recommendations |
What Securtea Doesn't Access
Securtea never reads:
- Email content
- Document contents
- User passwords
- Personal files
All permissions are read-only. Securtea cannot modify your Microsoft 365 configuration.
Multi-Tenant Support
Enterprise Plan Feature
Enterprise customers can connect multiple tenants:
- Multiple M365 environments
- MSP client tenants
- Subsidiary organizations
Adding Tenants
For each tenant:
- Click Add Tenant
- Complete app registration
- Grant permissions
- Test connection
Security Considerations
Credential Storage
- Client secrets are encrypted at rest
- Never displayed after initial save
- Access logged for audit
Access Monitoring
Monitor integration access:
- Azure AD sign-in logs
- Securtea activity logs
- Microsoft Graph audit logs
Secret Rotation
Rotate client secrets regularly:
- Create new secret in Azure
- Update in Securtea
- Verify connection
- Delete old secret in Azure
Recommended: Rotate every 6-12 months
What's Next?
- App Registration - Setup guide
- Permissions - Required access
- Troubleshooting - Connection issues