Add Office 365 Account
After all the Office 365 configurations are completed from previous sections, follow these steps to add your Office 365 account on FortiCASB.
- Log into FortiCASB with your account.
- Go to Overview > Dashboard, click on Add New, select Office 365, then click Add Selected Cloud App.
- Make sure you have completed all Office 365 configurations, and click Grant Access @Office 365.
- After logged in, Office 365 will prompt you to accept FortiCASB access. FortiCASB only request partial permissions from the global administrator user.
- Click Accept to grant permissions to FortiCASB. Office 365 may ask you to grant access to FortiCASB three more times to confirm this process. Afterward, you will be redirected back to FortiCASB.
You will be redirected to the Office 365 login screen, enter your account password and log in.
Here is the complete list of permissions requested:
Permissions requested by FortiCASB |
---|
Manage access reviews that you can access |
Read applications |
Read audit log data |
Read consent requests |
Read your contacts |
Read delegated permission grants |
Access the directory as you |
Read directory data |
Read domains. |
Read all files that you have access to |
Have full access to all files you have access to |
Read all groups |
Read all OneNote notebooks that you can access |
Maintain access to data you have given it access to |
Read organization information |
Read all users’ relevant people lists |
Read your organization's policies |
Read your organization's conditional access policies |
Read your organization’s identity protection policy |
Read consent and permission grant policies |
Read privileged access to Azure AD |
Read privileged access to Azure AD groups |
Read privileged access to your Azure resources |
Read directory RBAC settings |
Read your organization's security actions |
Read your organization’s security events |
Have full control of all your site collections |
Create, edit, and delete items and lists in all your site collections |
Read items in all site collections |
Edit or delete items in all site collections |
Export user's data |
Sign you in and read your profile |
Read all users' full profiles |
Read all users' basic profiles |
Read and write user profiles |
Read and write your files |
Have full control of all site collections |
Read and write items and lists in all site collections |
Read and write items in all site collections |
Run search queries |
Read and write managed metadata |
Read activity data for your organization |
Read DLP policy events including detected sensitive data |
Read service health information for your organization |
You can see the installation checklist and status in the Office 365 dashboard. Please allow up to 15 minutes for the account to be fully added.