Microsoft 365 Integration Guide

Last updated: April 22, 2026

Microsoft 365 integration is configured from the instance settings and is used to support Microsoft 365 cloud scanning for Data Scans.

To begin setup:

  1. In the instance, go to Settings.

  2. Select the Integrations tab.

  3. On the Microsoft 365 row, click Configure.

This opens the Microsoft 365 Configuration drawer, where you can enter the required Microsoft 365 API credential details, including:

  • Application (Client) ID

  • Publisher Domain

  • MS Client Secret Value

After entering the required information, use Verify Credentials to validate the configuration before selecting Submit.

Screenshot 2026-04-22 114310.png

Setting up and running a data scan in your Office 365 (O365) environment involves configuring integrations and assigning permissions. Follow the detailed guide below to ensure a seamless process.

Set Up Process for Office 365 Credentials

Azure Configuration

  1. Log in as a local administrator to the organization’s Azure Portal at portal.azure.com.

  2. Search for AppApp registrations.

    1.1f0110c7e06684801fa5.png

  3. Click on + New registration.

    2.ef82d205511e9fbc8cfe.png

  4. Name it Cyrisma.
    Select:
    Accounts in this organizational directory only ([organization_Name].com only – Single tenant)
    as shown here, and then click the Register button at the bottom of the page.

    3.97af58f287eba4b58a12.png

  5. A registration object has been created. Now assign it appropriate permissions.

Assign API Permissions

On the left Azure menu, follow the link:
API Permissions → Add a Permission

4.9953ea4d71d89f373665.png

  • Select Microsoft Graph API.

    5.1d375e312895504e6618.png

A list of application permissions is offered. Open EACH REQUIRED permission and select the checkbox for Read All as shown to the right.

For example:

  • Open Application, select Read All

  • Open AuditLog, select Read All

  • Open Calendars, select Read All

  • Continue FOR EACH required permission

The complete list of required permissions that must be set to Read All is shown below.

6.476086a9a6d2d7c9f68f.png

Continue through the API permission list and make sure the following have been selected.

7.b34a36fa4c9575574fe3.png

When all permissions have been assigned, click on the Grant Admin link to accept all permission changes. Permission indicators will turn into green checkmarks.

8.cc220d02d7bbd2d9b19d.png

Generate Client Secret

  1. Generate a Client Secret which will be needed by the agent to authorize its access.

  • Go to Certificates and Secrets

    9.94b5f06d5e5679907a71.png

  • Click + New client secret

  • Provide the name Cyrisma

  • Set expiration to 12 months, as shown

    10.75618e97c55546523e99.png

IMPORTANT NOTE:
When a secret is generated, it is only shown ONE TIME at the time of generation.

  • PLEASE RECORD this secret

  • Do NOT copy the secret ID

  • Copy the secret VALUE

    11.bc4264cffeb284e0dcba.png

Collect Required Identifiers

  1. Along with the secret recorded above, collect the following:

  • Client ID

    • Click Overview on the left menu

    • Copy the Application (client) ID

    • Paste and record this value for future use

      12.463ac083ce8594575bd3.png

  • Netorg URL

    • Found at the upper right of the Azure web page under the user name

    • A convenient copy can also be found by clicking Branding & Properties on the left menu

      13.a99277993d6c3b127d01.png

Enter Credentials in Cyrisma

  1. In the Microsoft 365 Configuration drawer, enter the following:

    • Application (Client) ID

    • Publisher Domain

    • MS Client Secret Value

    After entering the required values, select Verify Credentials to validate the configuration, then select Submit to save it.

Screenshot 2026-04-22 114310.png