# Microsoft 365 - Authentication
### UX = dope.security. That’s why it only takes seconds to get your CASB scan of Microsoft 365 started.
## Authentication
From the CASB tab in dope.console, select Microsoft 365 from the left-hand panel.
The authentication URL can either be self-enrolled, or sent to your 365 tenant admin to grant the required permissions to dope.security. For them, it's a one-click authorization.
Microsoft Authentication Link
At the authentication URL, the Admin will be asked to grant dope.security with a set of permissions to allow CASB Neural to scan their Microsoft 365 tenant.\
Example of the authorization screen an admin will click through
Once permissions are granted then, your done! It really is that simple, dope.security will now scan your tenant, uncover any publicly shared files with sensitive data, and classify them!
{% hint style="info" %}
**SSPM Coming Soon:** Uncover all third-party apps connected to your Microsoft 365 or Google SaaS tenant, neatly organized by access type: global, limited, or login access.
{% endhint %}
| Scopes | Purpose |
| ---------------------------------- | -------------------------------------------------------------------------------------- |
| ActivityFeed.Read | Allows us to read company activity data |
| AuditLog.Read.All | Allows us to query logs for third-party integrations |
| Application.Read.All | Allows us to read third-party integrations |
| Directory.Read.Write.All | Allows us to read/write data for the company directory, such as users, groups and apps |
| Files.ReadWrite.All | Allows us to read/write files in all site collections |
| Policy.Read.All | Allows us to read company policies. Used to inspect Security + Conditional Access. |
| Policy.ReadWrite.ConditionalAccess | Allows us to read/write conditional policies |
| Sites.FullControl.All | Allows us to control site collections |
| User.Read | Allows us to read profile and basic company information |
| User.ReadWrite.All | Allows us to read/write details about users |
