> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Entra (Office 365)

> How DSALTA integrates with Entra (Office 365) — data collected, setup guide, and automated compliance checks.

## Overview

DSALTA connects to Entra (Office 365) using read-only access to your Microsoft 365 / Entra directory to collect compliance evidence automatically. It signs in with Microsoft SSO and syncs your users and groups from Microsoft Graph. Data syncs every 24 hours and feeds into your Data Library modules.

<Info>
  **Read-only access.** DSALTA never modifies, creates, or deletes resources in your Office 365 / Entra directory.
</Info>

## How to Connect

**Before you begin**

* You need a Microsoft Entra ID (Azure AD) **Global Administrator** or **Privileged Role Administrator** account.
* That account must have permission to **grant admin consent** for application permissions.

<Steps>
  <Step title="Open the integration">
    Go to **Integrations** in the DSALTA sidebar, find **Entra (Office 365)**, and click **Connect**. Choose **Sign in with Microsoft (SSO)**.
  </Step>

  <Step title="Enter your Tenant ID">
    Enter your Microsoft Entra ID **Tenant ID**. You can find it in **Azure Portal → Microsoft Entra ID → Overview → Tenant ID**.
  </Step>

  <Step title="Sign in with Microsoft (admin consent)">
    Click **Connect** and sign in with a Global Administrator (or Privileged Role Administrator) account. Approve read-only access for the DSALTA app. The directory read permissions used are **User.Read.All**, **Group.Read.All**, and **Directory.Read.All**.
  </Step>

  <Step title="Validate and sync">
    DSALTA verifies the connection and lists your Office 365 users. It then performs an initial sync; checks activate after the sync completes.
  </Step>
</Steps>

## Automated Compliance Checks

Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.

| Check                                                                                                                  | Description                                                                   |
| ---------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- |
| [MFA should be enabled for all users](/integrations/microsoft-office-365/mfa-enabled-all-users)                        | Checks that MFA is enabled for all Microsoft Entra ID users.                  |
| [User access to Critical System should be valid](/integrations/microsoft-office-365/critical-system-access-valid)      | Checks that users with access to critical systems are authorized in Entra ID. |
| [Offboarded users should not have active access](/integrations/microsoft-office-365/offboarded-users-no-active-access) | Checks that offboarded users no longer have active Entra ID access.           |

## Troubleshooting

<AccordionGroup>
  <Accordion title="Integration shows Disconnected">
    Re-authenticate from **Integrations → Entra (Office 365) → Reconnect** and sign in again with a Global Administrator or Privileged Role Administrator account. This usually happens when admin consent is revoked or the sign-in session expires.
  </Accordion>

  <Accordion title="Data is not syncing">
    Confirm the connected account is still a Global Administrator (or Privileged Role Administrator) and that admin consent for **User.Read.All**, **Group.Read.All**, and **Directory.Read.All** is still granted. Verify the Tenant ID is correct, then trigger a manual sync from the integration settings.
  </Accordion>
</AccordionGroup>
