Connecting Microsoft 365 to Drata

Making the initial connection to Microsoft 365

Written by Ashley Hyman
Updated over a week ago

Connecting Microsoft 365, a type of IdP connection, to Drata enables the synchronization and provisioning of accounts for all your company's personnel. This can be the first integration you complete to ensure compliance monitoring of your personnel.

Prerequisites

  • Admin Access:

    • Ensure that the email domain of your company's Microsoft 365 Global Admin account matches the email domain that was used during the initial tenant setup for Drata.

    • Ensure you have access to your company's Microsoft 365 Global Admin account.

  • Domain Requirements:

    • Personnel with the same email domain as the domain used to connect the IdP are synced.

    • Personnel with different domains will not be synced. If you need to sync multiple email domains, please contact our Technical Support team.

Connect Microsoft 365 to Drata

1. Log in with Global Admin credentials to your company's Microsoft 365 account and accept the following permissions.

  • Directory.Read.All

  • Reports.Read.All

  • User.Read.All

  • Policy.Read.All

  • AuditLog.Read.All

These scopes are essential for Drata to integrate with Microsoft 365. They give Drata read access to various types of directory data while remaining read-only, which ensures data security and integrity. To learn more about each scope, see Microsoft's documentation: Microsoft Graph permissions reference.

2. After accepting the permissions, go to Drata and select Connections on the side navigation menu.

3. Select the Available connections tab, search for 'Microsoft 365', and then select the connect button for the Microsoft 365 integration.

4. Follow the instructions in the slide-out panel carefully.

  1. Select Connect your Microsoft 365 account to authenticate Microsoft.

  2. Select who you would like to sync into Drata.

    • Select Everyone if you would like to sync all personnel from Microsoft into Drata.

    • Select Only people from specific groups and enter the group's object ID to sync certain individuals from Microsoft. If you need more complex group membership, use Microsoft's dynamic group feature.
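
To confirm after connecting that the consent recorded in your tenant matches the five read-only permissions accepted in step 1, the following added example (not Drata's or Microsoft's code) compares an exported set of grants against that list. It assumes the grants were exported in the shape of Microsoft Graph oauth2PermissionGrant objects, with a space-separated `scope` string; the sample data and the function name `audit_scopes` are constructed for illustration.

```python
# Added example: audit granted permissions against the scopes listed on this page.
EXPECTED = {
    "Directory.Read.All",
    "Reports.Read.All",
    "User.Read.All",
    "Policy.Read.All",
    "AuditLog.Read.All",
}

def audit_scopes(grants, expected=EXPECTED):
    """Return (missing, unexpected, needs_review) as sorted lists.

    Names are compared case-insensitively so that casing differences in an
    export (e.g. 'Reports.read.All') do not show up as drift.
    """
    canonical = {name.lower(): name for name in expected}
    granted = set()
    for grant in grants:
        # 'scope' is one space-separated string and may be empty or missing.
        for name in (grant.get("scope") or "").split():
            granted.add(canonical.get(name.lower(), name))
    missing = sorted(expected - granted)
    unexpected = sorted(granted - expected)
    # Flag anything whose action segment is not exactly "Read"
    # (for example User.ReadWrite.All) for manual review.
    needs_review = sorted(
        s for s in granted
        if len(s.split(".")) < 2 or s.split(".")[1].lower() != "read"
    )
    return missing, unexpected, needs_review

# Constructed sample export: one expected scope is absent and one
# write-capable scope has been granted in a second consent record.
SAMPLE_GRANTS = [
    {"consentType": "AllPrincipals",
     "scope": " Directory.Read.All Reports.read.All User.Read.All Policy.Read.All"},
    {"consentType": "AllPrincipals", "scope": "User.ReadWrite.All"},
]

if __name__ == "__main__":
    missing, unexpected, needs_review = audit_scopes(SAMPLE_GRANTS)
    print("Missing from consent:  ", missing)
    print("Not on the page's list:", unexpected)
    print("Not read-only, review: ", needs_review)
```
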

Monitoring tests covered

  • Test 77: Employee Users Require MFA

  • Test 86: MFA on Identity Provider

  • Test 96: Employees have Unique Email Accounts
