Connecting Microsoft 365, a type of IdP connection, to Drata enables the synchronization and provisioning of accounts for all your company's personnel. This can be the first integration you complete to ensure compliance monitoring of your personnel.
Prerequisites
Admin Access:
Ensure that the email domain of your company's Microsoft 365 Global Admin account matches the email domain that was used during the initial tenant setup for Drata.
Ensure you have access to your company's Microsoft 365 Global Admin account.
Domain Requirements:
Personnel with the same email domain as the domain used to connect the IdP are synced.
Personnel with different domains will not be synced. If you need to sync multiple email domains, please contact our Technical Support team.
Connect Microsoft 365 to Drata
1. Go to Drata and select Connections on the side navigation menu.
2. Select the Available connections tab, search for 'Microsoft 365', and then select the Connect button for the Microsoft 365 integration.
3. On the connection drawer, select who you would like to sync into Drata.
Select Everyone if you would like to sync all personnel from Microsoft into Drata.
Select Only people from specific groups and enter the group's object ID to sync only certain individuals from Microsoft. If you need more complex group membership, use Microsoft's dynamic group feature.
4. Then, select Connect your Microsoft 365 account. You will then be redirected to Microsoft to authenticate the needed permissions. Ensure you are a Global Admin user.
The following scopes are essential for Drata to integrate with Microsoft 365. They give Drata read access to various types of directory data, and the integration stays read-only to ensure data security and integrity. To learn more about each scope, see the Microsoft Graph permissions reference in Microsoft's documentation.
Directory.Read.All
Reports.Read.All
User.Read.All
Policy.Read.All
AuditLog.Read.All
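To confirm after consent that the tenant granted exactly the five read-only scopes listed above, an administrator can compare the recorded grants with that list. The following is an added example, not Drata's or Microsoft's code: it assumes the consent is recorded as delegated grants in the shape of a Microsoft Graph oauth2PermissionGrants response (the page does not say which grant type is used), and the sample data, IDs and the names audit_grants and client_id are constructed for illustration.

```python
import json

# The five scopes this page lists for the Drata connection.
DOCUMENTED = frozenset({
    "Directory.Read.All", "Reports.Read.All", "User.Read.All",
    "Policy.Read.All", "AuditLog.Read.All",
})

# Constructed sample shaped like a Graph oauth2PermissionGrants response.
# The IDs are placeholders, not real tenant values.
SAMPLE_GRANTS = json.dumps({"value": [
    {"clientId": "00000000-0000-0000-0000-0000000000aa",
     "consentType": "AllPrincipals",
     "scope": " Directory.Read.All User.Read.All Reports.Read.All "},
    {"clientId": "00000000-0000-0000-0000-0000000000aa",
     "consentType": "AllPrincipals",
     "scope": "Policy.Read.All Directory.ReadWrite.All offline_access"},
    {"clientId": "00000000-0000-0000-0000-0000000000bb",
     "consentType": "Principal",
     "scope": "Mail.Send"},
]})


def audit_grants(raw_json, client_id):
    """Compare the scopes granted to client_id with the documented set."""
    granted = set()
    for grant in json.loads(raw_json).get("value", []):
        # Only grants held by the service principal under review count.
        if grant.get("clientId", "").lower() != client_id.lower():
            continue
        # 'scope' is one space-separated string and may carry stray spaces.
        granted.update((grant.get("scope") or "").split())
    unexpected = granted - DOCUMENTED
    return {
        "missing": sorted(DOCUMENTED - granted),
        "unexpected": sorted(unexpected),
        "write_capable": sorted(s for s in unexpected if "write" in s.lower()),
        "compliant": granted == DOCUMENTED,
    }


if __name__ == "__main__":
    report = audit_grants(SAMPLE_GRANTS, "00000000-0000-0000-0000-0000000000aa")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any entry under unexpected means the integration holds more than the documented set and is worth reviewing before the connection is relied on for compliance monitoring.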
Example image of the Microsoft 365 connection drawer:
Government Support for Microsoft 365 GCC High
Drata supports Microsoft 365 GCC High for your Identity Provider Connection. All of the same support and services as Microsoft 365 (outlined above) carry over to the GCC High connection as well. See image below to better understand standards for usage of the varied Microsoft 365 Identity solutions.
Monitoring tests covered
Test 86: MFA on Identity Provider
Test 96: Employees have Unique Email Accounts