Managing Microsoft 365 Integration Access and Credential Errors

Last updated: December 23, 2025

This article explains how to remove Microsoft 365 integration access from a Cyrisma instance and how to resolve common authentication failures related to invalid or missing client secrets. These issues typically occur during initial integration setup, credential rotation, or decommissioning of a client environment.

Applies To

  • Microsoft 365 integrations

  • Azure App Registration–based authentication

  • Cloud scanning and monitoring access

Removing Microsoft 365 Integration Access

When This Is Required

You may need to remove Microsoft 365 access when:

  • Offboarding a client

  • Decommissioning an integration

  • Replacing credentials or app registrations

  • Preventing further cloud data access

Required Action

Removing access requires changes within Cyrisma, not only in Azure.

To fully revoke access:

  1. Log in to the Cyrisma platform

  2. Navigate to Admin → Integrations

  3. Locate the Microsoft 365 credentials

  4. Delete the existing credentials

  5. Save your changes

Important Note

Deleting the Azure App Registration alone is not sufficient.
Credentials must also be removed from Cyrisma to fully disable access.

Common Credential Error: Invalid “Secret Value”

Error Description

Authentication fails with an error indicating an invalid or missing client secret. This commonly happens when the client secret ID is entered instead of the client secret value.

Why This Happens

In the Azure portal:

  • The Client Secret ID remains visible

  • The Client Secret Value is shown only once at creation

If the secret value is:

  • Entered incorrectly

  • Expired

  • Not recorded at creation time

…the integration will fail to authenticate.

How to Resolve Credential Errors

Step 1: Confirm the Secret Value

  • Verify that the value entered in Cyrisma is the client secret value, not the secret ID

Step 2: Regenerate the Secret (If Needed)

If the secret value is unavailable or expired:

  • Create a new client secret in Azure

  • Securely record the secret value at creation time

Step 3: Update Cyrisma

  • Enter the new client secret value in the Microsoft 365 integration settings

  • Save the configuration

  • Verify successful authentication

Key Reminders

  • Client secret values cannot be retrieved after creation

  • Credential rotation requires updating Cyrisma configuration

  • Expired or missing secrets will block cloud scanning and monitoring

Summary

  • Removing Microsoft 365 access requires deleting credentials from Cyrisma

  • Azure App Registration deletion alone does not revoke access

  • Invalid credential errors are commonly caused by using the secret ID instead of the secret value

  • Regenerating and correctly entering the client secret value resolves most authentication failures

If issues persist after updating credentials or removing access, contact Cyrisma Support for further assistance.