Microsoft 365 Compliance - Configure, Edit, and Delete

ALERT LEGACY ARTICLE: The content in this article is no longer updated and is available for reference purposes only. Features and workflows described may be deprecated, significantly changed, or no longer supported.

Environment

Datto EDR

Description

The M365 compliance feature will primarily focus on establishing a baseline of security standards for an M365 environment leveraging known industry security standards (CIS Benchmark) for M365. The M365 Security Module will provide Datto EDR the ability to score and grade an M365 environment with a risk score, identify issues, and highlight recommended remediation steps.

The following services will be covered within Datto EDR's M365 Security Model:

Exchange Online
SharePoint Online
Skype & Teams
Azure Active Directory
inTune

Configuration

Prerequisite

An M365 account with Global Admin privileges is required to configure integration. Datto EDR recommends that you create a service account for Datto EDR in the M365 space.

1. Navigate to the Discover Tab→Compliance.

You can access the Compliance Query section of the app can be accessed by clicking the Compliance button the left hand side of the Discover tab.

The Compliance query screen will list all successfully created queries that can be used to scan a given M365 environment.
You can sort the list can be sorted by Name, Domain, Created, and Last Scanned columns/
You can also add new queries from this screen.

2. Select the Add compliance Query button

New compliance queries can be added using the Add compliance query button at the top right hand side of the query list. Clicking this button will open a new window to specify the query name, schedule, and type.

3. Configure your query

1. Name your Compliance Query -- Compliance Query Names must be unique and have a max length of 50 characters.

2. Select "Microsoft 365" as the TYPE.Â (note: as of the publish date of this article, Microsoft 365 is the only option)

3. Select a schedule to repeat scans on a regular cadence.

4. Once the Sign-In button turns blue, click it to proceed.

Clicking the button will display a separate browser window where M365 credentials are entered.

-- A successful sign in with a global admin account will display a Permission requested screen.

-- Clicking the accept option will complete the sign in process, and close the child window.

Edit compliance query

On the compliance query list, clicking the query name link will display an Edit compliance query window.

Only the name and schedule can be updated from here, a new query name must be unique, and still stay under the 50 character limit.

The Domain used cannot be updated. To change the domain or to add domains a new query must be created.

Delete compliance query

Existing compliance queries can be deleted using the action menu for individual lines on the compliance queries list. The Delete confirmation window will display, and list item will be removed permanently after clicking the okay button.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.