Configure Secure Access with Office 365 for Enhanced Data Loss Prevention

Available Languages

Download Options

  • PDF     (1.3 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (1.4 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.1 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 27, 2024
Document ID:221736

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the integration of Data Loss Prevention for Office 365 with Secure Access.

    Prerequisites

    • Office 365 E3 Subscription is present for your Microsoft tenant
    • Compliance auditing is configured as ON in the compliance portal before you start your integration

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Cisco Secure Access
    • Microsoft Azure Enterprise Applications and App Registrations

    Components Used

    The information in this document is based on these software and hardware versions:

    • Cisco Secure Access
    • Microsoft Azure
    • Microsoft 365 Compliance portal

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Configure

    Configuration on Azure

    To enable the application on Azure, configure according to the next steps:

    1. Navigate to the Azure Portal > Enterprise Applications > New Application.

    Azure - Enterprise Applications

    2. Click on Create your own Application.

    Azure - Entra Gallery

    3. Give a name you desire to identify the app and choose. Integrate any other application you don't find in the gallery (Non-Gallery).

    Azure - Create Your Own Application

    4. Once done, use the Azure Search Bar to look for App Registrations.

    Azure - APP Registration

    5. Click on All Applications and choose the application created in step Three.

    Azure - DLP Registered

    6. Choose API Permissions.

    Azure - API Permissions

    7. Click on Add a permission and choose the required permissions based on the Table.

    note-icon

    Note: For that, you must configure the API of Microsoft GraphOffice 365 Management APIs, and SharePoint.

    Azure - Add API Permissions

    Azure - Permissions

    note-icon

    Note: Instead of  Site.FullControl.All permission choose Sites.FullControl.All.

    • For that, you need to choose the permission based on the application and type:

    Azure - Request Azure Permissions

    Azure - Request Azure Permissions 2

    8. Once all the required permissions are added, click on Grant Admin Consent for the tenant.

    Azure - Grant Permissions

    Azure - Grant Admin Consent Confirmation

    • Once you grant the permissions, the status is visible as Granted

    Azure - Permissions Granted

    Now that the configuration on Azure is completed, you can continue the configuration on Secure Access.

    Configuration in Secure Access

    To enable the integration, configure according the next steps:

    1. Navigate to Admin > Authentication.
    2. Under Platforms, clickMicrosoft 365.
    3. Click Authorize New Tenant  in the DLP subsection and add Microsoft 365.
    4. In the Microsoft 365 Authorization dialog, check the checkboxes to verify you meet the prerequisites, then click Next.
    5. Provide a name for your tenant, then click Next.
    6. Click Next to be redirected to the Microsoft 365 login page.
    7. Log in to Microsoft 365 with admin credentials to grant access. Then, when you get redirected to Secure Access, you must have a message that indicates your integration was successful.
    8. Click Done to complete.

    Verify

    To verify if the integration was successful, navigate to your Secure Access Dashboard:

    • Click on Admin > Authentication > Microsoft 365

    And if everything is correctly configured, your status must be Authorized

    Secure Access - Authorized Office 365 Integration

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    27-Feb-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Clement Palmer
      TAC

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products