Microsoft 365

Microsoft 365 is a web-based version of Microsoft's Office suite of productivity applications (Word, Excel, PowerPoint, and others).

Pricing

Pricing is based on the number of users and features.

Integration Information

Data Collected

  • Members: email, name, role (Assigned products), last seen
  • Usage:
    • Licence utilization

Connection details

  • Status: General Availability
  • Type: api
  • Permissions required:
    • User with access to Azure Active Directory and ability to grant required permissions:
      • Reports.Read.All
      • Application.Read.All
      • Directory.Read.All
      • Organization.Read.All
      • AuditLog.Read.All
      • User.Read.All
      • Anonymization turned off - optional.

Instructions for connecting with client secret

Connect the Microsoft Office 365 service to retrieve information about all Microsoft Office products.

Register new application

  1. Sign in to the Azure portal (https://portal.azure.com/) with an Azure administrator account that is also a member of the Global Administrator directory role in your Azure AD tenant.
  2. On the left navigation pane, click Azure Active Directory.
  3. In the Azure Active Directory page, click App registrations.
  4. On the App registrations page, in the toolbar on the top, click New registration.
  5. On the Register an application page, perform the following steps:
     a. In the Name textbox, type LeanIX SMP.
     b. Under Supported account types select Accounts in this organizational directory only.
     c. In the Redirect URI section select Web, and enter https://si-oauth.leanix.net/oauth_cb/msoffice365 in the textbox.
     d. Click Register at the bottom of the screen.

Grant permissions

  1. After the LeanIX SMP application is registered, you will be redirected to the overview section of the created application.
  2. Next, click API permissions to define the list of permissions for the application.
  3. On the API permissions page, click the Add a permission button.
  4. The Request API permissions configuration pane is displayed on the right. Select the Microsoft Graph API.
  5. In the next step, define which type of permissions the LeanIX SMP application requires.
  6. Select the Application permissions option, search for reports, and in the Reports section check the Reports.Read.All permission.
  7. Similarly, add the User.Read.All permission.
     • The User.Read.All permission is needed to obtain information about the licences assigned to the user.
  8. Click the Add permissions button at the bottom to assign the permissions to the LeanIX SMP application.
  9. Click the Grant admin consent button to enable the configured permissions for the application.
  10. Next, click Yes to grant consent for the requested permissions.
  11. The permission status indicator on the API permissions page will change to approved.

Gather configuration settings

  1. Return to the application overview section and copy the following identifiers. You need these values when granting LeanIX SMP access to your Microsoft Office 365:
      • Directory ID (also named Tenant ID)
      • Client ID (also named Application ID)
  2. Next, navigate to Certificates & secrets to generate a client secret, also referred to as the application password. Click the New client secret button to create a new password.
  3. Select the expiration length of the password. Once the client secret reaches its expiration date, you will have to create a new one and reconnect the service in LeanIX SMP. The description field is optional. Important note: Make a note of the client secret as soon as it is revealed. It will be masked when you navigate away from the Certificates & secrets panel.
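One way to confirm what admin consent actually granted, as an added example that is not LeanIX or Microsoft code: decode an app-only access token requested with the Directory ID, Client ID and client secret, and compare its claims with the permission list under Connection details. It assumes the token is a JWT whose `roles`, `tid` and `appid`/`azp` claims carry the granted application permissions, the tenant and the client ID; the sample token and IDs are constructed.

```python
import base64
import json

# Application permissions the page lists under "Permissions required".
REQUIRED_ROLES = {
    "Reports.Read.All", "Application.Read.All", "Directory.Read.All",
    "Organization.Read.All", "AuditLog.Read.All", "User.Read.All",
}

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_app_token(token, tenant_id, client_id):
    """Return findings where the token differs from the documented registration."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("token issued for a different Directory (tenant) ID")
    # Assumption: v1 tokens carry the client ID in "appid", v2 tokens in "azp".
    if client_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("token issued to a different Client (application) ID")
    findings += ["missing permission: " + r for r in sorted(REQUIRED_ROLES - roles)]
    findings += ["permission beyond the documented set: " + r
                 for r in sorted(roles - REQUIRED_ROLES)]
    return findings

def constructed_token(claims):
    """Build an unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample: placeholder IDs, one documented role missing, one extra.
TENANT, CLIENT = "tenant-id-placeholder", "client-id-placeholder"
SAMPLE = constructed_token({
    "tid": TENANT, "appid": CLIENT,
    "roles": sorted(REQUIRED_ROLES - {"AuditLog.Read.All"}) + ["SecurityEvents.Read.All"],
})
print(audit_app_token(SAMPLE, TENANT, CLIENT))
```

An empty list means the token matches the documented tenant, client and permission set; any extra permission is a candidate for removal from the app registration.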

Configure Microsoft Office 365 Integration in LeanIX SMP

  1. Log in to LeanIX SMP. Go to the Microsoft Office 365 service.
  2. Click the Integrate button and fill out the form with the appropriate credentials:
  3. Enter Directory ID, Client ID and Client Secret.

Disable reporting anonymization of users

  1. Log in to the Microsoft 365 admin center at https://admin.microsoft.com
  2. Navigate to Settings > Org settings > Reports
  3. Make sure that the following option is unchecked: In all reports, display de-identified names for users, groups, and sites

Frequently asked questions

1. Why does Microsoft user data appear as random characters?

Answer: Data anonymization has not been turned off, which is the last step in the instructions. You can turn it off by going to Admin > Settings > Org settings > Reports and unchecking the following option: In all reports, display de-identified names for users, groups, and sites.

2. Why are SecurityEvents required to be tracked or captured?

Answer: Security events are not required for the Manage Integration at this point. Since the credentials used to be shared between different types of integrations, we also requested the SecurityEvents permissions to ensure that all integrations set up with the same credentials run as expected. In the future we plan to incorporate data from security events into other parts of the product to generate meaningful insights.

3. Are security events an optional permission?

Answer: If only the Manage Integration is needed, then yes, they can be skipped.