Microsoft M365 Integration
Integrate Microsoft M365 with Prelude SCM to assess the protection of your Email and Inbox policies
Prelude integrates with M365 to determine Security Controls and Configuration Misalignment for your Microsoft-managed email policies and inboxes
To attach a Microsoft Office M365 account to Detect, you will need:
- The Prelude Dashboard / UI (US1 | EU1) or Prelude CLI
- An Azure user with Global Administrator role
In Azure
Create an App Registration
- Navigate to the App registrations section in the Azure Portal.
- Select "+ New registration" toward the top of the page.
- Enter a name for your application
- Choose Single tenant as the supported account type (Accounts in this organizational directory only). Click Register.
- Leave Redirect URI (optional) as it is.
- After registration:
- Note down the Application (client) ID and Directory (tenant) ID from the app's Overview page.
- In the left menu, expand the Manage section and select Certificates & secrets and create a new Client Secret:
- Click New client secret, enter a description, and set an expiration period.
- Note down the generated Client Secret Value (you won’t be able to view it later).
we now have:
- APP ID (Application (client) ID) from step 6
- TENANT ID (Directory (tenant) ID) from step 6
- APP SECRET (Client Secret Value) from step 7
Granting API Permissions
- In the left menu of the app you created, select API permissions and click Add a permission
- Under "APIs my organization uses" search for: "Office 365 Exchange Online" select Microsoft Graph
- Select Application permissions (not Delegated) and add the following API Permissions.
Exchange.ManageAsApp
Granting Security Reader role
- Navigate to Entra ID in the Azure portal
- Expand Manage and select "Roles and Administrators" on the left hand side
- Search for the "Security Reader" role and click on it
- On the next screen, select Add Assignment
- Search for your App ID that you created in the above steps and assign it to the Security Reader role:
In Prelude
Attach the partner
You can attach a partner via UI or CLI
via UI
- Navigate to your user name in upper right hand corner and select "Integrations"
- Select the "Connect" action for Microsoft 365
- Fill out Base URL, Tenant ID, APP ID and App Secret to connect
- Base URL should be set to
https://api.securitycenter.microsoft.com
. Optionally can be set to hit one of Microsoft's regional endpoints, examplehttps://api-<REGION>.securitycenter.microsoft.com
- Base URL should be set to
via CLI
Ensure you have the latest version of the CLI
- run:
prelude partner attach --api https://api.securitycenter.microsoft.com/ --user {TENANT ID} --secret {APP ID}/{APP SECRET} M365
- replace {TENANT ID}, {APP ID} and {APP SECRET} with the values from your App Registration
--api
is a required field that should be set tohttps://api.securitycenter.microsoft.com
. Optionally can be set to hit one of Microsoft's regional endpoints, examplehttps://api-<REGION>.securitycenter.microsoft.com
Detach the partner
via UI
- Navigate to your user name in upper right hand corner and select "Integrations"
- Select the "Disconnect" action for Microsoft 365
via CLI
Ensure you have the latest version of the CLI
- run:
prelude partner detach M365
Updated about 1 hour ago