Microsoft 365 Security Inspection Report

Visit our YouTube Channel for more video content: https://www.youtube.com/@connectsecure

Table of Contents

Microsoft 365 Security Inspection - Licensing Requirements

M365 Inspector requires the tenant to have an active subscription to Microsoft Entra ID P1 (formerly known as Azure Active Directory Premium P1) or Microsoft Entra ID P2 (formerly known as Azure Active Directory Premium P2) or a subscription that includes Microsoft Entra ID P1 or P2.

Microsoft 365 Security Inspection - Details

Access the Microsoft 365 Security Inspection from the Cloud Assessments category.

Open

Getting Started - Application Thumbprint Certificate

Before you begin the setups below, you must download the Certificate for Application Thumbprint.

• Log in to your ConnectSecure portal tenant (https://portal.myconnectsecure.com)

• Navigate to Global > Settings > Integrations > Microsoft 365 Security Inspector.

Open

• Scroll down and click on the Download Certificate. This file will be used directly in the Azure Portal in later steps.

Open

Certificate Renewal

Upon logging in, if your M365 certificate is expired; you will be prompted by the following message to help get the certificate renewed.

Open

Steps to Proceed:

1. ConnectSecure: Navigate to Global → Settings → Integrations → Microsoft 365 Security Inspector. Select the credential that needs to be updated and click “Download Certificate”.

2. Azure Portal: Log in to portal.azure.com → App Registrations → All Applications, and select the relevant application (e.g. ConnectSecure_M365_Audit).

3. Upload the Certificate: Go to Certificates & Secrets under Client Credentials, click Upload Certificate, and upload the file downloaded from ConnectSecure. Then click Add.

4. Copy Thumbprint: Copy the Newly Generated Thumbprint from Azure.

5. Paste the Thumbprint: Return to ConnectSecure → Global Settings → Integrations, and paste the copied thumbprint into the “Application Thumbprint” field.

6. Finalize: Update to complete the process.

M365 Audit - Setup in Azure Portal

1. Log in to the Azure portal (http://portal.azure.com ).

2. Tap on the ‘App registrations’ option in Azure services (or use the Search).

Open

3. Tap on the ‘New registration’ option.

Open

4. Complete the required fields.

   1. Name = Give this application registration a name of your choice (IE: ConnectSecure_M365_Audit)

   2. Support Account Type = Single Tenant for Non-CSP, Multi Tenant for CSP

   3. Redirect URI = Set the platform to Web and use: https://authccns.mycybercns.com

   4. Tap on Register to complete

Open

5. Record the Application (client) ID and Directory (Tenant ID) values from the screen.

Open

Generate Client Secret

1. Click on the ‘Add a certificate or secret’ link from the Client credentials section.

Open

2. Tap on ‘New client secret’.

Open

3. Set the client secret required fields for Description and Expires, then tap Add.

Open

4. Copy the Value generated and store it; this will be used in the ConnectSecure portal setup.

Open

5. Tap on the Certificates option.

Open

6. Tap on ‘Upload certificate’.

Open

7. Select the application thumbprint certificate you downloaded at the beginning steps and give it a description (IE: ConnectSecure_M365_Audit), then tap Add.

Open

8. After the upload, you will see the Thumbprint value; record this for use in ConnectSecure.

Open

Configure API Permissions

1. Under the Manage section, tap on the Manifest option.

Open

2. Download one of the two JSON files below, open it, and make the necessary edits.

We offer two role options for conducting M365 assessments:

• Option 1: Uses the Global Reader role, providing full visibility across tenant-wide settings, Secure Score, compliance data, and audit logs.

• Option 2: Uses the Security Reader role, which aligns with least-privilege best practices but offers a more limited scope. Selecting this option will restrict certain findings due to permission constraints.

(Option 1)

CS_Global_Admin contains global admin permissions.

This JSON file provides write access to the tenant

Open

(Option 2)

CS_Security_Reader contains limited security reader permissions

Open

3. In the ‘Microsoft Graph App Manifest (New) file, replace the 'requiredResourceAccess’ section with the copied data from the downloaded JSON file from the step above. You can open the JSON file with notepad or a word processor to copy the contents.

Open

4. Tap on the Save button to complete.

Open

5. Tap on API Permissions from the left panel, then tap the ‘Grant admin consent for…’ button.

Open

The status should display green check marks once permissions are granted:

Open

Assign Roles in Microsoft Entra Roles and Administrators

1. At the top, use the Search, enter ‘Microsoft Entra Roles and Administrators’, and tap to select.

Open

2. Search for and tap on the ‘Global Reader’ option.

Open

3. Select the ‘Add Assignments’ button.

Open

4. Search for your added application name here and tap Add. (IE: ConnectSecure_M365_Audit)

Open

5. You must tap on Add to save.

Open

6. The user who created the app registration will appear; you can add additional users here if needed.

Open

M365 Audit - Setup in ConnectSecure

1. Login to your ConnectSecure portal (IE: portal.myconnectsecure.com)

2. Please navigate back to Global > Settings > Integrations > Microsoft 365 Security Inspector, where we originally obtained the download certificate (application thumbprint).

Open

Credentials

Complete the required fields with your values from the previous steps outlined above.

Open

Proceed to Company Mapping below.

Company Mapping

You will need to map the ConnectSecure company to the M365 company.

1. Tap on the Company Mapping tab within the Microsoft 365 Security Inspector integration and use the ‘Add’ button to create a new mapping.

Open

2. Select from the options to import a new company from M365 into ConnectSecure or map an existing ConnectSecure company to the M365 company.

Open

3. In this case, I will map to an existing ConnectSecure company and tap the next button. You will then select the M365 company from the Local Company (ConnectSecure).

Open

4. Tap on the Add, then Finish to complete mapping.

Open

Start M365 Sync

Once you complete the mappings, navigate to Cloud Assessments > Microsoft 365 Security Inspection Report and click on the Sync option to start the assessment scan.

Open

Tap on the jobs to see the syncing status.

Open

You can review the Findings Summary or the M365 Audit Report once the assessment is finished, which will provide findings, remediated records, and a remediation summary.

Tap on the PowerPoint, Word, or Excel file icons for report data.

Open

Microsoft 365 Remediation Plan

A list of detected problems organized by severity, showing which issues still need action. This helps prioritize fixes based on risk level.

Open

Click on any of the findings name to see the details.

Open

To suppress a problem, use the checkbox or the three-dot action menu.

Open

Microsoft 365 Remediated Records

Problems that have already been resolved. Their status is marked as remediated and no longer require attention.

Open

Microsoft 365 Suppression

The Suppression field shows that a finding or alert has been intentionally hidden from active review. This usually means the issue is considered low-risk, has been addressed through other security measures, or is not relevant for remediation. Suppressed items won’t trigger alerts or appear in summary dashboards unless the suppression is lifted.

Open

To unsuppress a record, select the checkbox or use the three-dot action menu.

Open

Microsoft 365 Security Inspection Dashboard

Review the findings in the company-level dashboard.

Open

Microsoft 365 Security Inspection Items