Automatically Set Up Microsoft 365 Continuous Scanning

Use the automated setup to configure the Mondoo Microsoft 365 integration via a generated command in Azure Cloud Shell.

The automated setup runs a generated command in Azure Cloud Shell to provision everything Mondoo needs to continuously scan your Microsoft 365 environment.

Need full control of the Azure app registration, or scanning a large environment? See the manual setup instead.

Prerequisites

Check your roles in the Azure portal: Microsoft Entra ID > Users > (your account) > Assigned roles.

Add a Microsoft 365 integration

In the Mondoo App, navigate to the space where you want to add the integration. In the side navigation bar, select Integrations. In the top right, select + INSTALL. On the integrations page, find the integration you want by browsing or searching by name:

  1. Under SaaS, select Microsoft 365.

  2. Under Copy the installation command, Mondoo generates a custom command for you. Running it in Azure Cloud Shell creates the integration.

    Mondoo names the integration automatically. To use a different name, change the value after --integration-name in the command, or rename later in the Mondoo App. The name must be 7–34 characters and may include lowercase letters, numbers, single quotes, hyphens, spaces, and exclamation points; it must start with a lowercase letter and end with a letter or number.

  3. Select the copy icon to copy the command.

  4. Select AZURE CLOUD SHELL to open Azure Cloud Shell, paste the command, and press Enter.

  5. Respond to the prompts:

    a. Primary subscription. This is where Mondoo creates the resources it needs, not which subscription it scans. Use arrow keys to choose, then press Enter.

    b. Show details. Pick "2. Show details" and press Enter to review the resources the automation will create.

    c. Confirm. Press Enter to continue. When the automation reports success, you're done in Cloud Shell.

    If the success message doesn't appear within 5 minutes, see Troubleshoot below.

  6. Return to the Mondoo App and select START SCANNING.

  7. On the Recommended Policies page, enable the policies you want Mondoo to score this integration against. To learn how policies work, read Manage Policies.

  8. Select FINALIZE SETUP.

Troubleshoot

  • Automation pauses for more than two minutes after you choose the primary subscription. Press Ctrl+C to end, then paste the command again to re-run it.
  • Automation fails. Confirm you're logged in to Azure with one of the required roles listed above.
  • Integration not visible in the Mondoo App after finalizing setup. Refresh the browser.

Renew the application certificate

The certificate Mondoo uses to authenticate has a 1-year default lifetime. When it expires, the integration stops working. Renew with the Azure CLI.

  1. Note the application ID of the app registration Mondoo created.

  2. In Azure Cloud Shell, run (substituting your application ID):

    az ad app credential reset --id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX --create-cert

  3. Download the certificate from Cloud Shell's Manage files button.

  4. In the Mondoo App, navigate to Integrations > Microsoft 365 > your M365 integration and edit it.

  5. Upload the new certificate in the field shown:

  6. Save the updated configuration.
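
Because the integration stops working once the certificate expires, it is worth checking the expiry date ahead of the 1-year mark. The script below is an added example, not part of Mondoo's documentation or tooling: the function names, the 30-day warning window and the sample rows are assumptions made for illustration, and it relies on GNU date as found in Azure Cloud Shell's bash.

```shell
#!/bin/sh
# Added example: flag app registration certificates that are expired or close
# to expiry, so renewal happens before the integration breaks.
# Requires GNU date (the default in Azure Cloud Shell's bash).

TAB=$(printf '\t')

# cert_status END_ISO WARN_DAYS [NOW_EPOCH] -> EXPIRED | RENEW | OK | INVALID
cert_status() (
  { [ -n "$1" ] && end=$(date -u -d "$1" +%s 2>/dev/null); } ||
    { echo INVALID; exit 0; }
  now=${3:-$(date -u +%s)}
  if [ "$end" -le "$now" ]; then
    echo EXPIRED
  elif [ $(( end - now )) -le $(( $2 * 86400 )) ]; then
    echo RENEW
  else
    echo OK
  fi
)

# check_certs WARN_DAYS [NOW_EPOCH] < "keyId<TAB>endDateTime" lines
# Prints one "STATUS<TAB>endDateTime<TAB>keyId" row per certificate and
# returns 1 if any certificate is not OK, so it can gate a scheduled job.
check_certs() (
  rc=0
  while IFS="$TAB" read -r key end; do
    [ -n "$key" ] || continue
    status=$(cert_status "$end" "$1" "$2")
    printf '%s\t%s\t%s\n' "$status" "$end" "$key"
    [ "$status" = OK ] || rc=1
  done
  exit "$rc"
)

# Constructed sample rows in the shape the az query below prints (not real key IDs).
sample_tsv() {
  printf '%s\t%s\n' \
    00000000-0000-0000-0000-000000000001 2025-01-10T00:00:00Z \
    00000000-0000-0000-0000-000000000002 2025-03-20T00:00:00Z \
    00000000-0000-0000-0000-000000000003 2026-01-15T00:00:00Z
}

# Live use in Cloud Shell, with APP_ID set to your application ID:
#   az ad app credential list --id "$APP_ID" --cert \
#     --query "[].[keyId, endDateTime]" -o tsv | check_certs 30
```

A non-zero exit status from check_certs means at least one certificate is expired, unparsable or inside the warning window, which is the cue to run the renewal steps above.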
