Skip to main content
Connect CybSafe to Microsoft 365

Use this article to setup our integration with Microsoft 365 to begin to track security behaviours from your MS 365 environment.

Robert Shough avatar
Written by Robert Shough
Updated this week

What is the Integration with CybSafe and MS 365 for?

Now, you can connect your organisation’s Microsoft 365 apps to CybSafe, cast that net wider, and capture a broader range of security behaviour data for CybSafe to crunch.

To explore more on our security behaviours, take a look at SebDB, its an amazing resource even if we say so ourselves!

This integration is currently focused on growing the number of measurable security behaviours to help your people improve. Integrating with more software and gathering the data allows us to do this.

Currently CybSafe will actively track the following behavioural event types which inform the CybSafe behaviour engine.

  • Reporting suspected phishing emails

  • DLP policy breaches

This data is then reflected in your organisation’s behaviour reporting scores.

We are also capturing any data coming in through the security events endpoint to analyse to add new datapoints to actively track and feed additional data points into the behaviour engine

How to setup the MS 365 integration

Follow the steps below to setup the integration between CybSafe and MS 365.

🆔 Step 1: Obtain your MS 365/Azure AD tenant_id. You can find this in your Azure Active Directory. NB: Before you start, please also make sure unified audit logging is enabled in your organisation

🤞 Step 2: Click on the 'Complete Setup' at the bottom of the integrations page for MS 365.

✍️ Step 3: You will be directed to a form, please enter your tenant_id and click submit

⚙️ Step 4: You will be directed to the relevant MS Portal to grant permissions for the integration. The permissions required are:

  • User.Read: Sign in and read user profile.

  • SecurityEvents.Read.All: Read your organisations security events.

  • ActivityFeed.Read: Read activity data for your organisation.

  • ActivityFeed.ReadDlp: Read DLP policy events including detected sensitive data.

You will be asked to login and be shown some information about the connection, please accept the permissions to complete the integration. 👇

And that's it! You are all done. 🏖️

Still have questions?

If you still have questions, you can contact the CybSafe team via [email protected]. We’re on hand to help resolve any further issues!

Did this answer your question?