MS Office 365 GCC Integration

Instructions to Register an App for ControlMap in your GCC environment.


In order to connect your Office 365 GCC environment to ControlMap, you will need to register an application in your Office 365 GCC Active directory from the Active Directory / Azure portal.

You will need an admin role to perform the following operations.

This enterprise application will be used by ControlMap to scan your office environment and perform compliance checks.


Step 1:  Register a new enterprise application.

From your Azure portal’s home page, browse to (as shown in Figure 1)

Azure Active Directory > App Registrations > + New Registration


Figure 1

Register a new application with a name such as ‘ControlMap Office 365 Connector’ (or any name of your choice).

Under Supported Account Types, select the first option, Accounts in this organizational directory only ( only - Single tenant).

Click on the Register button at the bottom of the page.

Refer to figure 2 for details.


Figure 2


Step 2 – Record Tenant Id & Application Id

Once the application is registered, from the application Overview tab (in the left navigation) record the following two values. These two values along with the Client Secret (configured in the next step) will be required to create the connection in ControlMap.

  1. Directory(tenant) ID
  2. Application (client) ID

Figure 3


Step 3: Create and record the client secret.


From the overview page of the application registration create a new client secret (refer to Figure 3 and Figure 4).

Record the value of client's secret (Marked 3 below) before you move away from this page because this value will not be shown again.

Figure 4


Step 4 – Create permissions for the API.


ControlMap requires the following 6 permissions (refer Figure 5) for the API to function properly.


Figure 5

Follow the instructions below to add all 6 permissions.

4.1 Browse to your registered application and then select API Permissions from the left navigation. Click on the Microsoft Graph tile in the sidebar to add Microsoft Graph permissions.


4.2 Select the Application permissions tile. tbl2.png
4.3 Search for Directory and select the Directory.Read.All permission. tbl3.png
4.4 Search for Reports and select Reports.Read.All permission. tbl4.png

4.5 Search for Role Management and select the following permissions.

  1. RoleManagement.Read.All
  2. RoleManagement.Read,Directory


4.6 Search for Users and select the User.Read.All permission. tbl6.png


Step 5 – Grant admin consent for the permissions


The last step is to grant admin consent to the application permissions by clicking on the Grand Admin Consent button as shown in Figure 6 below.


Figure 6


Step 6 – Configure your application in ControlMap.


Use the values recorded (in Step-2 & Step-3) for Tenant ID, Application ID, and Client Secret in the configuration screen below to set up the MS Office 365 GCC connector in ControlMap.