# Microsoft 365 - Authentication

### UX = dope.security. That’s why it only takes seconds to get your CASB scan of Microsoft 365 started.

## Authentication

From the CASB tab in dope.console, select Microsoft 365 from the left-hand panel.

The authentication URL can either be self-enrolled, or sent to your 365 tenant admin to grant the required permissions to dope.security. For them, it's a one-click authorization.

<figure><img src="/files/aPwCoHiOUyKL1GSE6e2h" alt=""><figcaption><p>Microsoft Authentication Link</p></figcaption></figure>

At the authentication URL, the Admin will be asked to grant dope.security with a set of permissions to allow CASB Neural to scan their Microsoft 365 tenant.\ <br>

<figure><img src="/files/R9zTLXxJ4lyT3Y0KmE2V" alt=""><figcaption><p>Example of the authorization screen an admin will click through</p></figcaption></figure>

Once permissions are granted then, your done! It really is that simple, dope.security will now scan your tenant, uncover any publicly shared files with sensitive data, and classify them!

{% hint style="info" %}
**SSPM Coming Soon:** Uncover all third-party apps connected to your Microsoft 365 or Google SaaS tenant, neatly organized by access type: global, limited, or login access.
{% endhint %}

| Scopes                             | Purpose                                                                                |
| ---------------------------------- | -------------------------------------------------------------------------------------- |
| ActivityFeed.Read                  | Allows us to read company activity data                                                |
| AuditLog.Read.All                  | Allows us to query logs for third-party integrations                                   |
| Application.Read.All               | Allows us to read third-party integrations                                             |
| Directory.Read.Write.All           | Allows us to read/write data for the company directory, such as users, groups and apps |
| Files.ReadWrite.All                | Allows us to read/write files in all site collections                                  |
| Policy.Read.All                    | Allows us to read company policies. Used to inspect Security + Conditional Access.     |
| Policy.ReadWrite.ConditionalAccess | Allows us to read/write conditional policies                                           |
| Sites.FullControl.All              | Allows us to control site collections                                                  |
| User.Read                          | Allows us to read profile and basic company information                                |
| User.ReadWrite.All                 | Allows us to read/write details about users                                            |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://inflight.dope.security/dope.console/casb-neural/microsoft-365-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.