Microsoft 365

Microsoft 365 is a cloud-based platform that integrates productivity apps and collaboration tools. This integration supports SaaS Ecosystem visibility, SaaS Security Posture Management (SSPM), Data Loss Prevention (DLP), and Malware Threat Protection capabilities.

Prerequisite

The user that performs the integration must have Global Administrator or Privileged Role Administrator permissions in Microsoft Entra ID (formerly Azure AD).

Required Permissions

To integrate Microsoft 365 with Check Point SaaS Security, the integration requests a predefined set of API permissions during installation.

These permissions allow SaaS Security to collect configuration data, audit logs, activity events, and content metadata required for security monitoring, risk analysis, DLP and malware detection, and enforcement of customer-defined remediation policies.

Note - All listed permissions are granted as Application permissions and require tenant‑level admin consent during installation.

Permission Scope Summary

During installation, the Microsoft 365 integration requests a total of 25 application permissions across two API resource servers:

  • Microsoft Graph API – 23 permissions

  • Office 365 Management APIs – 2 permissions

Microsoft Graph API Permissions

Permission Scope Type Description
AppCatalog.Read.All Application Read all app catalogs
Application.Read.All Application Read all applications
Application.ReadWrite.All Application Read and write all applications
AppRoleAssignment.ReadWrite.All Application Manage app permission grants and app role assignments
AuditLog.Read.All Application Read all audit log data
Chat.ReadBasic.All Application Read names and members of all chat threads
Directory.Read.All Application Read directory data
Files.Read.All Application Read files in all site collections
Files.ReadWrite.All Application Read and write files in all site collections
Place.Read.All Application Read all company places
Policy.Read.All Application Read your organization’s policies
Reports.Read.All Application Read all usage reports
RoleManagement.Read.Directory Application Read all directory RBAC settings
SharePointTenantSettings.Read.All Application Read SharePoint and OneDrive tenant settings
Sites.Read.All Application Read items in all site collections
Sites.ReadWrite.All Application Read and write items in all site collections
TeamMember.Read.All Application Read the members of all teams
TeamsAppInstallation.ReadForChat.All Application Read installed Teams apps for all chats
TeamsAppInstallation.ReadForTeam.All Application Read installed Teams apps for all teams
TeamsAppInstallation.ReadForUser.All Application Read installed Teams apps for all users
User.Read.All Application Read all users’ full profiles
User.ReadWrite.All Application Read and write all users’ full profiles
UserAuthenticationMethod.Read.All Application Read all users’ authentication methods

Office 365 Management API Permissions

Permission Scope Type Description
ActivityFeed.Read Application Read activity data for your organization
ActivityFeed.ReadDlp.Read Application Read DLP policy events including detected sensitive data

Integrating Microsoft 365

Microsoft 365 uses OAuth2 authorization to integrate with SaaS Security. OAuth2 authorization is a protocol that allows users to grant third-party applications limited access to their resources without sharing their credentials.

Note - The integration is disabled if the Global Administrator or Privileged Role Administrator is no longer associated with the user who installed it. For example, when the user leaves the organization.

To integrate Microsoft 365 with SaaS Security:

  1. Log in to the SaaS Security Administrator Portal.

  2. From the top banner, click Integration Manager.

  3. In the Microsoft widget, click Connect.

    The Microsoft window opens.

  4. Click Connect.

    The Sign in to your account window opens.

  5. Select your account with the administrator privileges.

  6. Review the permissions for SaaS Security and click Accept.

    In the SaaS Security Administrator Portal, the Successfully connected message appears.