Skip to Content

Security & Compliance

Lynx Compliance - Microsoft 365 / Entra ID Connector

Pulls compliance evidence from Microsoft 365 / Entra ID via Microsoft Graph - user inventory, MFA registration, directory-role members, app registrations, audit logs, sign-in failures, Microsoft Secure Score.

Talk to sales See pricing

lynx_compliance_connector_microsoft_365 · v19.0.1.0.0 · Premium

What this solves

Lynx Compliance - Microsoft 365 Connector

Compliance evidence from Microsoft 365 + Entra ID (formerly Azure AD) via the Microsoft Graph API. Sister to the Google Workspace connector — same auditor questions, different cloud. Authentication is OAuth2 client-credentials (app-only) so the cron runs unattended: the customer registers an application in Entra ID, grants the necessary read-only Graph scopes, and pastes tenant_id + client_id + client_secret into the connector record.

Required Graph application permissions (admin-consented):

  • User.Read.All

  • Group.Read.All

  • Directory.Read.All

  • AuditLog.Read.All

  • SecurityEvents.Read.All

  • SecurityActions.Read.All

  • Reports.Read.All

Key Features

  • Microsoft 365 connector type - configure with tenant_id + client_id + client_secret as a JSON blob in credential_secret.

  • Eight resource pulls - users, MFA registration summary (via Graph reports), groups, directory-role members (Global Admin, Privileged Role Admin, etc.), application registrations, directory audit logs (90d), sign-in failure logs (7d), Microsoft Secure Score (latest).

  • Pre-seeded collectors - five collectors covering PR.AA-01 (workforce inventory), PR.AA-03 (MFA registration), PR.AA-05 (directory-role privileged users), DE.CM-01 (admin audit), and a quantitative Secure Score time-series.

  • Token caching - access token cached in connector_id session for the cron run; auto-refreshes when expired.

  • OData @odata.nextLink pagination - large tenants paginate transparently.

Integrates With

  • lynx_compliance_connectors - registers under the connector framework.

  • lynx_compliance_evidence_collectors - shipped collectors use the standard schedule.

  • Microsoft Graph via the requests HTTP client.

Depends on

base lynx_compliance lynx_license_enforcer lynx_base lynx_compliance_evidence_collectors lynx_compliance_connectors lynx_compliance_certification

Try Lynx Compliance - Microsoft 365 / Entra ID Connector on your team.

Free trial, no credit card. Talk to sales when you're ready.

Start free trial Browse all modules