Connect Microsoft 365 to Anzenna
Integrate Anzenna with Microsoft 365 to monitor OneDrive, SharePoint, Teams, Exchange, and enable optional security remediation capabilities.
Prerequisites
- Microsoft 365 Global Administrator access
- Anzenna account
- Azure AD admin permissions
- PowerShell (for optional features)
Overview
The integration provides:
OneDrive and SharePoint activity monitoring
- Teams collaboration tracking
- Exchange email monitoring
- User activity logs
- Optional: Password reset capabilities
- Optional: Software uninstall capabilities
- Optional: Audit log recording
Step-by-Step Instructions
Part 1: Initial Connection
Sign into
app.anzenna.ai
Navigate to Settings > Integrations
Select Connect Apps
Click Connect to Microsoft 365
Part 2: Microsoft Authentication
- Review the requested permissions
Click Accept to grant permissions
Sign into your Microsoft account
- Complete the authentication process
- Return to Anzenna to verify connection
Optional Feature Configurations
Option 1: Password Reset Permissions
Enable Anzenna to reset potentially compromised user passwords.
Access Azure Portal
Navigate to
portal.azure.com
Go to Microsoft Entra ID (formerly Azure AD)
Click Roles and administrators
Assign Password Administrator Role
Search for Password Administrator
- Click on the role to open it
Click Add assignments
Search for Anzenna service principal
- Select the Anzenna app
Click Add to assign the role
This role allows Anzenna to reset regular user passwords but not administrator passwords, maintaining security boundaries.
Grant Microsoft Graph Permissions
- Open PowerShell as administrator
- Run the following script to grant permissions:
# Install Microsoft Graph module
Install-Module Microsoft.Graph -Scope CurrentUser
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "AppRoleAssignment.ReadWrite.All"
# Get Anzenna Service Principal
$sp = Get-MgServicePrincipal -Filter "displayName eq 'Anzenna'"
# Get Microsoft Graph Service Principal
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# Grant User.ReadWrite.All permission
$appRole = $graph.AppRoles | Where-Object {$_.Value -eq "User.ReadWrite.All"}
New-MgServicePrincipalAppRoleAssignment `
-ServicePrincipalId $sp.Id `
-PrincipalId $sp.Id `
-ResourceId $graph.Id `
-AppRoleId $appRole. `
- Verify the script completes without errors
Option 2: Software Uninstall Permissions
Enable Anzenna to uninstall applications from managed devices.
Grant Microsoft Graph Permissions
- Ensure PowerShell is installed
Run the following script:
# Install Microsoft Graph module
Install-Module Microsoft.Graph -Scope CurrentUser
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "AppRoleAssignment.ReadWrite.All"
# Get Anzenna Service Principal
$sp = Get-MgServicePrincipal -Filter "displayName eq 'Anzenna'"
# Get Microsoft Graph Service Principal
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# Grant DeviceManagementConfiguration.ReadWrite.All permission
$appRole = $graph.AppRoles | Where-Object {$_.Value -eq "DeviceManagementConfiguration.ReadWrite.All"}
# Assign the AppRole
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id -ResourceId $graph.Id -AppRoleId $appRole.Id- Verify the script completes without errors
Option 3: Activity Monitoring (Audit Logs)
Enable recording of user and administrator activity.
Navigate to
compliance.microsoft.com
(formerly purview.microsoft.com)
Go to Audit section
Click Start recording user and admin activity
- Enable audit log recording
Audit logs have retention limits based on your Microsoft 365 license. E5 licenses offer longer retention periods.
Verification
Return to Anzenna > Integrations
Verify Microsoft 365 shows Connected
- Wait 30 minutes for initial sync
Check Documents dashboard for OneDrive files
Review Activity logs for user events
If enabled, test password reset capability in sandbox
What Data is Collected
OneDrive & SharePoint
- File activity (create, modify, delete)
- Sharing events
- Permission changes
- Download activity
- External sharing
Microsoft Teams
- Team creations
- Channel activity
- File sharing in Teams
- Guest additions
- Chat file transfers
Exchange Online
- Email activity (optional)
- Mailbox access
- Forwarding rules
- External email sharing
User Activity
- Login events
- Application usage
- Device sign-ins
- Risk detections
- Admin actions
Devices
- Enrolled devices
- Compliance status
- Installed applications
- Security settings
Remediation Capabilities
With optional permissions enabled:
Password Reset
- Reset compromised user passwords
- Force password change on next login
- Exclude administrators from resets
- Logged in both Anzenna and Azure AD
Software Management
- Uninstall risky applications
- Remove unauthorized software
- Deploy security patches
- Manage device configurations
Troubleshooting
Connection Fails
Authorization errors:
- Verify Global Administrator role
- Check permissions were accepted
- Ensure service principal exists
- Review Azure AD sign-in logs
PowerShell Script Errors
Script fails to run:
- Run PowerShell as Administrator
- Install Microsoft.Graph module
- Verify internet connectivity
- Check Azure AD permissions
No Audit Data
Activity logs not appearing:
- Verify audit logging is enabled
- Wait 24 hours for initial data
- Check license includes audit logs
- Review compliance center settings
Password Reset Not Working
Cannot reset passwords:
Verify Password Administrator role assigned
- Check Graph API permissions granted
- Ensure user is not an administrator
- Review Azure AD audit logs for errors
Security Considerations
Service principal - Anzenna uses Azure AD app identity
Role-based access - Only grants specific permissions
Admin exclusion - Cannot reset admin passwords
Audit trails - All actions logged in Azure AD
Revocable - Permissions can be removed anytime
Best Practices
Start with monitoring - Add remediation features later
Test in sandbox - Verify password reset with test user
Monitor audit logs - Review Anzenna's actions regularly
Document permissions - Record which features are enabled
Regular reviews - Audit permissions quarterly
User notification - Inform about password reset capability
Emergency procedures - Document how to revoke access quickly
Integration Maintenance
Regular Checks
Perform monthly:
- Verify connection status
- Review data sync freshness
- Check audit log coverage
- Test remediation capabilities
Permission Updates
To modify permissions:
- Edit app registration in Azure AD
- Grant or revoke API permissions
- Admin consent may be required
- Changes take effect immediately
Service Principal Management
Monitor service principal:
- Review sign-in logs
- Check for any failures
- Audit actions performed
- Verify certificate expiration
Microsoft 365 License Requirements
Different licenses provide different data access:
| License | Audit Retention | Advanced Features |
|---|---|---|
| Business Basic | 90 days | Limited |
| Business Standard | 90 days | Standard |
| E3 | 90 days | Advanced |
| E5 | 365 days | All features |
Related Resources
Need help? Contact
Anzenna Support
for assistance.