MICROSOFT 365 Security Inspector


M365 Audit - Overview

The Microsoft 365 Security Inspection Report provides a comprehensive overview of the security posture within the Microsoft 365 environment. It evaluates various security controls, identifies vulnerabilities, and offers recommendations to enhance security measures, ensuring robust protection against potential threats and breaches.


Getting Started - Application Thumbprint Certificate

Before you begin the setups below, you must download the Certificate for Application Thumbprint.

  1. Log in to the ConnectSecure portal.

  2. Navigate to Global > Settings > Integrations > Microsoft 365 Security Inspector.

  3. Scroll down and tap Download Certificate; you will upload this certificate to the Azure portal in a later step.

M365 Audit - Setup in Azure Portal

  1. Log in to the Azure portal (portal.azure.com).

  2. Tap on the ‘App registrations’ option in Azure services (or use the Search).

  3. Tap on the ‘New registration’ option.

  4. Complete the required fields.

    1. Name = Give this app registration a name of your choice (e.g., ConnectSecure_M365_Audit)

    2. Supported account types = Single tenant

    3. Redirect URI = Set the platform to Web and use: https://authccns.mycybercns.com

    4. Tap Register to complete.

  5. Record the Application (client) ID and Directory (tenant) ID values from the screen.

Generate Client Secret

  1. Click on the ‘Add a certificate or secret’ link from the Client credentials section.

  2. Tap on ‘New client secret’.

  3. Fill in the required Description and Expires fields for the client secret, then tap Add.

  4. Copy the Value generated and store it; this will be used in the ConnectSecure portal setup.

  5. Tap on the Certificates option.

  6. Tap on ‘Upload certificate’.

  7. Select the application thumbprint certificate you downloaded at the beginning and give it a description (e.g., ConnectSecure_M365_Audit), then tap Add.

  8. After the upload, you will see the Thumbprint value; record this for use in ConnectSecure.


Configure API Permissions

  1. Under the Manage section, tap on the Manifest option.

  2. Download the JSON file provided below and copy its entire contents. (You can open it in Notepad or Word.)

JSON Manifest Download

  3. In the ‘Microsoft Graph App Manifest (New)’ file, replace the ‘requiredResourceAccess’ section with the copied data.

  4. Tap on the Save button to complete.

  5. Tap on API Permissions from the left panel, then tap the ‘Grant admin consent for…’ button.
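
Before granting admin consent, it helps to see what the pasted 'requiredResourceAccess' section actually requests. The following is an added example, not ConnectSecure's code: it summarizes, per resource, how many application permissions (type "Role", usable without a signed-in user) and delegated permissions (type "Scope") are listed, and reports duplicate entries. The sample data and its permission ids are constructed placeholders, not the contents of the vendor's JSON file.

```python
import json
from collections import Counter

# Constructed sample of a requiredResourceAccess section. The resourceAppId
# values are the well-known IDs of Microsoft Graph and Office 365 Exchange
# Online; the permission ids are placeholders.
SAMPLE = """
[
  {"resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [
     {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"},
     {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"},
     {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}
   ]},
  {"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
   "resourceAccess": [
     {"id": "33333333-3333-3333-3333-333333333333", "type": "Role"}
   ]}
]
"""


def summarize(required_resource_access):
    """Return {resourceAppId: {"Role": n, "Scope": n, "duplicates": [ids]}}."""
    report = {}
    for resource in required_resource_access:
        app_id = resource["resourceAppId"].lower()
        seen = Counter()
        counts = {"Role": 0, "Scope": 0}
        for access in resource.get("resourceAccess", []):
            kind = access["type"]
            if kind not in counts:
                raise ValueError(f"unexpected permission type {kind!r} for {app_id}")
            key = (access["id"].lower(), kind)
            seen[key] += 1
            if seen[key] == 1:  # count each distinct permission once
                counts[kind] += 1
        dups = sorted(pid for (pid, _), n in seen.items() if n > 1)
        report[app_id] = {**counts, "duplicates": dups}
    return report


if __name__ == "__main__":
    for app_id, row in summarize(json.loads(SAMPLE)).items():
        print(app_id, row)
```
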

Assign Roles in Microsoft Entra Roles and Administrators

The following roles will be added:

  • Exchange Administrator

  • Teams Administrator

  • Global Administrator

  • SharePoint Administrator

  1. At the top, use the Search, enter ‘Microsoft Entra Roles and Administrators’, and tap to select.

  2. Search for and tap on the ‘Exchange Administrator’ option.

  3. Select the ‘Add Assignments’ button.

  4. Search for your added application name here and tap Add. (e.g., ConnectSecure_M365_Audit)

Enter any optional policy descriptions and justifications as required; this may vary depending on your Azure portal settings.

  5. Repeat the same steps for the ‘Teams Administrator’ option.

    1. Add assignments

    2. Search for and add your application name

  6. Repeat the same steps for the ‘Global Administrator’ option.

    1. Add assignments

    2. Search for and add your application name

  7. Repeat the same steps for the ‘SharePoint Administrator’ option.

    1. Add assignments

    2. Search for and add your application name
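
Because the app registration ends up holding four administrator roles, it is worth confirming afterwards that it holds exactly those and nothing more. The following is an added example, not ConnectSecure's code: it checks a saved export of directory role assignments against the four roles listed above. It assumes the export has the shape returned by Microsoft Graph's roleManagement/directory/roleAssignments endpoint and uses Microsoft's built-in role template IDs; the principal IDs and sample rows are constructed placeholders.

```python
# Built-in Microsoft Entra role template IDs for the four roles this guide assigns.
EXPECTED_ROLES = {
    "29232cdf-9323-42fd-ade2-1d097af3e4de": "Exchange Administrator",
    "69091246-20e8-4a56-aa4d-066075b2a7a8": "Teams Administrator",
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "f28a1f50-f6e7-4571-818b-6a12f2af6b6c": "SharePoint Administrator",
}

# Constructed sample data; both principal IDs are placeholders.
APP_SP_ID = "aaaaaaaa-0000-0000-0000-000000000001"  # the app's service principal
OTHER_ID = "bbbbbbbb-0000-0000-0000-000000000002"   # an unrelated admin account
SAMPLE_EXPORT = {"value": [
    {"principalId": APP_SP_ID, "directoryScopeId": "/",
     "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"},
    {"principalId": APP_SP_ID, "directoryScopeId": "/",
     "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10"},
    {"principalId": APP_SP_ID, "directoryScopeId": "/",
     "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c"},
    # User Administrator: not one of the four roles in this guide.
    {"principalId": APP_SP_ID, "directoryScopeId": "/",
     "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"},
    # Teams Administrator held by someone else must not count for the app.
    {"principalId": OTHER_ID, "directoryScopeId": "/",
     "roleDefinitionId": "69091246-20e8-4a56-aa4d-066075b2a7a8"},
]}


def audit_app_roles(export, principal_id):
    """Compare the app's tenant-wide role assignments with EXPECTED_ROLES."""
    held = set()
    for item in export.get("value", []):
        if item["principalId"].lower() != principal_id.lower():
            continue
        # "/" is the tenant-wide scope, which is what the portal steps assign.
        if item.get("directoryScopeId", "/") == "/":
            held.add(item["roleDefinitionId"].lower())
    return {
        "missing": sorted(n for rid, n in EXPECTED_ROLES.items() if rid not in held),
        "unexpected": sorted(held - set(EXPECTED_ROLES)),
    }


if __name__ == "__main__":
    print(audit_app_roles(SAMPLE_EXPORT, APP_SP_ID))
```

Running the same check on a schedule highlights drift, such as a role added to the app later or one of the expected assignments being removed.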


M365 Audit - Setup in ConnectSecure

  1. Log in to your ConnectSecure portal (e.g., portal.myconnectsecure.com).

  2. Navigate back to Global > Settings > Integrations > Microsoft 365 Security Inspector, where you originally downloaded the certificate (application thumbprint).

Credentials

Complete the required fields with your values from the previous steps outlined above.

Field Name: Description

  • Enter Name: Use a name of your choice to identify the M365 creds being used.

  • Microsoft 365 Auth Endpoint: (Default) Global Service (https://login.microsoftonline.com) or US Government (https://login.microsoftonline.us)

  • Tenant ID: Enter the Directory (tenant) ID from the Azure portal app registration.

  • Application Client ID: Enter the Application (client) ID from the Azure portal app registration.

  • User Principal Name: Enter the username (with domain) of the user who created the app registration.

  • Application Client Secret: Enter the ‘Value’ from the Client Secret.

  • Application Thumbprint: Enter the value generated from the Thumbprint under the app registration ‘Certificates’ section.

  • Select Associated Company: Select to associate with a ConnectSecure company.

Proceed to Company Mapping below.


Company Mapping

You will need to map the ConnectSecure company to the M365 company.

  1. Tap on the Company Mapping tab from within the Microsoft 365 Security Inspector integration and use the ‘Add’ button to create a new mapping.

  2. Select from the options to import a new company from M365 into ConnectSecure, or map an existing ConnectSecure company to the M365 company.

  3. In this example, we map to an existing ConnectSecure company and tap the Next button. You will then select the M365 company from the Local Company (ConnectSecure).

  4. Tap Add, then Finish to complete the mapping.


Start M365 Sync

Once you complete the mapping(s), navigate to Active Directory > M365 Audit Report.

Click on the Sync option to start the assessment.

The results will be displayed in the M365 Audit Report once the assessment is finished.

Tap the Word or PPT icon to generate the report in that format.


Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login