Microsoft 365 plugin
Analyze and report on your Microsoft 365 usage.
How to add the Microsoft 365 plugin
Setup App Registration
Log in to the Azure portal.
In Azure Active Directory > App registrations create a new app registration, using the default options (no redirect URI is needed).
Make a note of the Application (client) ID and the Directory (tenant) ID.
In Certificates and secrets add a new secret, and make a note of the value.
For more information see Microsoft: Use the portal to create an Azure AD application and service principal that can access resources
Configure App Registration access to your Microsoft Graph APIs
Click API permissions > Add a permission
Click Microsoft Graph from the Microsoft APIs section.
Important: Click Application permissions.
Add the following permissions:
AuditLog.Read.All
Device.Read.All
Directory.Read.All
Group.Read.All
Reports.Read.All
Sites.Read.All
Click Add permissions.
Admin consent is required for these permissions to become active. Click Grant admin consent for <your organization>
If you don’t have the necessary rights in Azure AD to complete this step, ask a suitable person to grant these permissions.
After adding permissions to your API, you should see the selected permissions under Configured permissions, as shown in the following image.
You might also notice the User.Read permission for the Microsoft Graph API. This permission is added automatically when you register an app in the Azure portal.
For more information see Microsoft Quickstart: Configure a client application to access a web API
Add the Microsoft 365 plugin to SquaredUp
In SquaredUp browse to Settings > Plugins > Add plugin and search for the plugin.
Enter the Directory (tenant) ID, Application (client) ID, and Client secret noted down earlier.
Leave the checkbox for Automatically create a workspace ticked, this will create a new workspace for this plugin containing out of the box dashboards and scopes.
Optionally, select whether you would like to restrict access to this plugin instance. By default, restricted access is set to off.
Restrict access to this workspace?
The term plugin here really means plugin instance. For example, a user may configure two instances of the AWS plugin, one for their development environment and one for production. In that case, each plugin instance has its own access control settings.
By default, Restrict access to this plugin? is set to off. The plugin can be viewed, edited and administered by anyone. If you would like to control who has access to this plugin, switch Restrict access to this plugin? to on.
Use the Restrict access to this plugin? dropdown to control who has access to the workspace:
By default, the user setting the permissions for the plugin will be given Full Control and the Everyone group will be given Link to workspace permissions.
Tailor access to the plugin, as required, by selecting individual users or user groups from the dropdown and giving them Link to workspace or Full Control permissions.
If the user is not available from the dropdown, you are able to invite them to the plugin by typing in their email address and then clicking Add. The new user will then receive an email inviting them to create an account on SquaredUp Cloud. Once the account has been created, they will gain access to the tenant.
At least one user or group must be given Full Control.
Admin users can edit the configuration, modify the Access Control List (ACL) and delete the plugin, regardless of the ACL chosen.
Plugin access levels
Access Level:
Link to workspace
- User can link the plugin to any workspace they have at least Editor permissions for.
- Data from the plugin can then be viewed by anyone with any access to the workspace.
User can share the plugin data with anyone they want.
User cannot configure the plugin in any way, or delete it.
Full Control - User can change the plugin configuration, ACL, and delete the plugin.
See Access control for more information.
Click Save.
Comments
0 comments
Please sign in to leave a comment.