Microsoft 365 - Authentication

UX = dope.security. That’s why it only takes seconds to get your CASB scan of Microsoft 365 started.

Authentication

From the CASB tab in dope.console, select Microsoft 365 from the left-hand panel.

The authentication URL can either be self-enrolled, or sent to your 365 tenant admin to grant the required permissions to dope.security. For them, it's a one-click authorization.

Microsoft Authentication Link

At the authentication URL, the Admin will be asked to grant dope.security with a set of permissions to allow CASB Neural to scan their Microsoft 365 tenant.

Example of the authorization screen an admin will click through

Once permissions are granted then, your done! It really is that simple, dope.security will now scan your tenant, uncover any publicly shared files with sensitive data, and classify them!

SSPM Coming Soon: Uncover all third-party apps connected to your Microsoft 365 or Google SaaS tenant, neatly organized by access type: global, limited, or login access.

Scopes
Purpose

ActivityFeed.Read

Allows us to read company activity data

AuditLog.Read.All

Allows us to query logs for third-party integrations

Application.Read.All

Allows us to read third-party integrations

Directory.Read.Write.All

Allows us to read/write data for the company directory, such as users, groups and apps

Files.ReadWrite.All

Allows us to read/write files in all site collections

Policy.Read.All

Allows us to read company policies. Used to inspect Security + Conditional Access.

Policy.ReadWrite.ConditionalAccess

Allows us to read/write conditional policies

Sites.FullControl.All

Allows us to control site collections

User.Read

Allows us to read profile and basic company information

User.ReadWrite.All

Allows us to read/write details about users

PreviousCASB NeuralNextGoogle - Authentication

Last updated