Research Project: This is a free AI research project. No warranties, SLAs, or company associations. Learn more

Back to Guides
Security Controls
Intermediate12 min

Microsoft 365 Security Controls

Enable and configure Microsoft 365 security control evaluation across all clients

In This Guide

App RegistrationAdmin ConsentControl LibraryAutomated Scanning

Connect Microsoft 365 to evaluate security controls across all your client tenants, including MFA status, conditional access, and security defaults.

1

App Registration

Create App Registration

You'll create one app registration that works across all client tenants:

1. Go to the Azure Portal (portal.azure.com)

2. Navigate to **Azure Active Directory > App Registrations**

3. Click **New Registration**

4. Enter name: "BrainstormMSP Security Scanner"

5. Select **Multitenant** for supported account types

6. Click **Register**

Configure API Permissions

Add these permissions:

Microsoft Graph > Directory.Read.All (Application)

Microsoft Graph > Policy.Read.All (Application)

Microsoft Graph > User.Read.All (Application)

Click **Grant admin consent** for your tenant.

2

Admin Consent

Get Client Consent

Each client tenant needs to consent to the app:

Option 1: Admin Consent URL

Generate a consent URL and send to client admins:

https://login.microsoftonline.com/{tenant}/adminconsent?client_id={app-id}

Option 2: Partner Center

If you're a Microsoft partner, use delegated admin to consent on behalf of clients.

Verify Consent

After consent:

1. Go to **Settings > Integrations > Microsoft 365**

2. Click **Verify Tenant**

3. Enter the client's tenant ID

4. Confirm access is working

3

Control Library

Microsoft 365 Controls Evaluated

BrainstormMSP evaluates 25+ M365 security controls:

Identity Controls:

MFA enabled for all users

MFA enabled for admins

Legacy authentication blocked

Conditional access configured

Data Protection:

DLP policies configured

Sensitivity labels deployed

External sharing restricted

Device Controls:

Intune enrollment required

Compliance policies enforced

Device encryption required

4

Automated Scanning

Configure Scan Schedule

1. Go to **Settings > Scanning**

2. Select **Microsoft 365** from the integration list

3. Set scan frequency (daily recommended)

4. Choose scan time (off-peak hours)

Understanding Scan Results

Each scan produces:

Current control status (pass/fail)

Historical trend data

Specific evidence for each control

Remediation recommendations

Bulk Operations

For large client portfolios:

Enable parallel scanning

Set rate limits to avoid throttling

Configure retry behavior for transient errors

Completed!

You've completed the Microsoft 365 Security Controls guide. Ready to continue learning?

Acronis Cyber Protect Cloud IntegrationUnderstanding Security Control Evaluation

Related Guides

Understanding Security Control Evaluation

Learn how AI agents evaluate controls, interpret results, and generate remediation recommendations