Content
M365 Audit - Overview
The Microsoft 365 Security Inspection Report provides a comprehensive overview of the security posture within the Microsoft 365 environment. It evaluates various security controls, identifies vulnerabilities, and offers recommendations to enhance security measures, ensuring robust protection against potential threats and breaches.
Getting Started - Application Thumbprint Certificate
Before you begin the setups below, you must download the Certificate for Application Thumbprint.
Login to the ConnectSecure portal.
Navigate to Global > Settings > Integrations > Microsoft 365 Security Inspector.
Scroll down and tap the Download Certificate; this will be uploaded directly in the Azure Portal next.
M365 Audit - Setup in Azure Portal
Log in to the Azure portal (portal.azure.com).
Tap on the ‘App registrations’ option in Azure services (or use the Search).
Tap on the ‘New registration’ option.
Complete the required fields.
Name = Give this app reg a name of your choice (IE: ConnectSecure_M365_Audit)
Support Account Type = Single Tenant
Redirect URI = Set the platform to Web and use: https://authccns.mycybercns.com
Tap on Register to complete
Record the Application (client) ID and Directory (Tenant ID) values from the screen.
Generate Client Secret
Click on the ‘Add a certificate or secret’ link from the Client credentials section.
Tap on ‘New client secret’.
Set the client secret required fields for Description and Expires, then tap Add.
Copy the Value generated and store it; this will be used in the ConnectSecure portal setup.
Tap on the Certificates option.
Tap on ‘Upload certificate’.
Select the application thumbprint certificate you downloaded at the beginning steps and give it a description (IE: ConnectSecure_M365_Audit), then tap Add.
After the upload, you will see the Thumbprint value; record this for use in ConnectSecure.
Configure API Permissions
Under the Manage section, tap on the Manifest option.
Download the JSON file provided below and copy its entire contents. (You can open in Notepad or Word)
In the ‘Microsoft Graph App Manifest (New) file, replace the 'requiredResourceAccess’ section with the copied data.
Tap on the Save button to complete.
Tap on API Permissions from the left panel, then tap the ‘Grant admin consent for…’ button.
Assign Roles in Microsoft Entra Roles and Administrators
The following roles will be added:
Exchange Administrator
Teams Administrator
Global Administrator
SharePoint Administrator
At the top, use the Search, enter ‘Microsoft Entra Roles and Administrators’, and tap to select.
Search for and tap on the ‘Exchange Administrator’ option.
Select the ‘Add Assignments’ button.
Search for your added application name here and tap Add. (IE: ConnectSecure_M365_Audit)
Enter any optional policy descriptions and justifications as required; this may vary depending on your Azure portal settings.
Repeat the same steps for the ‘Teams Administrator’ option.
Add assignments
Search for and add your application name
Repeat the same steps for the ‘Global Administrator’ option.
Add assignments
Search for and add your application name
Repeat the same steps for the ‘SharePoint Administrator’ option.
Add assignments
Search for and add your application name
M365 Audit - Setup in ConnectSecure
Login to your ConnectSecure portal (IE: portal.myconnectsecure.com)
Please navigate back to Global > Settings > Integrations > Microsoft 365 Security Inspector, where we originally obtained the download certificate (application thumbprint).
Credentials
Complete the required fields with your values from the previous steps outlined above.
Field Name | Description |
---|---|
Enter Name | Use a name of your choice to identify the M365 creds being used. |
Microsoft 365 Auth Endpoint | (Default) Global Service (https://login.microsoftonline.com) US Government (https://login.microsoftonline.us) |
Tenant ID | Enter the Directory (tenant) ID from the Azure portal app registration. |
Application Client ID | Enter the Application (client) ID from the Azure portal app registration. |
User Principal Name | Enter the username (with domain) of the user who created the app registration. |
Application Client Secret | Enter the ‘Value’ from the Client Secret. |
Application Thumbprint | Enter the value generated from the Thumbprint under the app registration ‘Certificates’ section. |
Select Associated Company | Select to associate with a ConnectSecure company. |
🏁 Proceed to Company Mapping below.
Company Mapping
You will need to map the ConnectSecure company to the M365 company.
Tap on the Company Mapping tab from within the Microsoft 365 Security Inspector integration and use the ‘Add’ button to create a new mapping.
Select from the options to import a new company from M365 into ConnectSecure, or map an existing ConnectSecure company to the M365 company.
In this case, I will map to an existing ConnectSecure company and tap the next button. You will then select the M365 company from the Local Company (ConnectSecure).
Tap on the Add, then Finish to complete mapping.
Start M365 Sync
Once you complete the mapping(s), navigate to Active Directory > M365 Audit Report.
Click on the Sync option to start the assessment.
The results will be displayed in the M365 Audit Report once the assessment is finished.
Tap on the Word or PPT icons for report/PPT outputs.
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
https://cybercns.freshdesk.com/en/support/login