SaaS Agent Security
Onboard M365 Copilot to SaaS Agent Security
Table of Contents
Onboard M365 Copilot to SaaS Agent Security
Onboard M365 Copilot to SaaS Agent Security to gain deep visibility and
security for your M365 Copilot platform and apps.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the SaaS Agent Security license:
|
Microsoft 365 Copilot is an AI-powered assistant integrated into Word, Excel,
PowerPoint, Outlook, Teams, and other Microsoft 365 apps, using Large Language
Models (LLMs) and your organization's data to help with tasks like drafting content,
analyzing data, summarizing meetings, and generating ideas, all while respecting
security and privacy. It acts as a "copilot" by streamlining workflows, boosting
creativity, and increasing productivity by turning natural language prompts into
actions and insights within your familiar work environment. Onboard M365 Copilot to
SaaS Agent Security to gain deep visibility and security for your M365
Copilot platform and apps.
Optional: If you want SaaS Agent Security to show user identity,
onboard the M365 Copilot SaaS Security Posture Management connector before onboarding M365 Copilot to SaaS Agent Security.
Prerequisites
- Ensure you have the necessary administrative privileges in your M365 Copilot instance.
To access your M365 Copilot instance, SaaS Agent Security requires the
following Azure information, which you will specify during the onboarding
process.
| Item | Description |
|---|---|
| Azure Email | An Azure email address refers to an email address used with Azure Communication Services (ACS), a cloud service that allows applications to send and receive emails |
| Azure Password | An Azure password is a credential for a user to access resources within an Azure environment, managed by Azure Active Directory (now Microsoft Entra ID) |
| Azure 2FA Secret | An Azure TOTP secret is a shared secret key that is used to generate Time-based One-Time Passwords (TOTP) for multi-factor authentication (MFA). This key, often a Base32-encoded string, is generated by Azure and shared between the Azure service and the user's authenticator app (like Microsoft Authenticator). Both the service and the app use this secret, along with the current time, to independently and securely generate the same six-digit code that changes every 30 seconds. |
- To start onboarding M365 Copilot to SaaS Agent Security, log in to Strata Cloud Manager.Select .
![]()
Ensure you have completed all the three steps mentioned in the following onboarding wizard and then Get Started.![]()
On the Authorization Method Selection page, the CREDENTIALS method is selected by default. Click Next.The CREDENTIALS method uses data extraction to fetch the agent activity details from your SaaS application tenant.![]()
Click Azure to select the SSO provider.![]()
Enter the following information in the SSO Provider details page and Complete:- Email address
- Password
- Azure 2FA secret (if you did not set up a 2FA secret in your Azure account, enter any random text to complete the step).
![]()
Specify a custom name for your M365 Copilot instance if needed and click Done.![]()
SaaS Agent Security establishes the connection and validates the credentials and permissions. After the validation is successful, you will see the following confirmation message.![]()
SaaS Agent Security immediately begins to scan your onboarded agentic platform after a successful validation.The amount of time SaaS Agent Security takes to scan varies based on the amount of data it is required to scan. At a minimum, it takes at least one hour to scan and display data in the SaaS Agent Security dashboard.
