Vanta's Office integration enables you to control which employees should be automatically marked in and out of scope in Vanta by creating and managing the "Vanta O365 Integration" app assignments within Azure.
Be sure to consult with Support and your auditor to validate the set of accounts that should and should not be managed by Vanta.
Prerequisites
- A minimum Microsoft 365 Business Standard + Azure AD Premium P1 subscription is required (see Vanta Integrations that may Require a Premium Service)
- 'Global Administrator' role in Microsoft Office 365.
- Users to be synced must be User Type 'Member'; users of User Type 'Guest' will not sync.
Configure Office
- Log in to Azure and navigate to the Enterprise applications page to find the "Vanta O365 Integration" app.
- Assign the Vanta O365 Integration app in Azure to the desired employees or groups.
Validate account assignments
- Vanta recommends creating an automated provisioning process that assigns the Vanta app to new employees or, at a minimum, ensuring that you have developed a process for doing so.
Enable the feature in Vanta
- Open the Integrations page and find the Office 365 integration
- Select Manage
- Select Configure Scope
- Enable the IdP scoping toggle
- Once this feature is enabled, all user scope will be managed through Azure, and the scoping toggle in Vanta will be disabled. Vanta will update the scope status for IdP accounts on the next data fetch.
Using Office for Vanta Workspaces
Please note that the steps below only apply to customers who are using Vanta's Workspaces feature. If you do not have Workspaces, this section of the article does not apply to you. If you are using Vanta Workspaces, you can create groups to scope in different sets of users for each Workspace.
- Log in to Azure and navigate to Enterprise applications.
- Click on Vanta O365 Integration and view the employees listed in Users and groups. To use the group scoping feature, the employees must first be assigned to the Vanta app.
- Then, navigate to Azure Active Directory > Groups in the sidebar.
- Click New group to create a group that you will use to scope users in and out of Vanta. The name needs to start with Vanta followed by any text, e.g., Vanta Employees.
- Assign the group to the subset of employees and groups in the Vanta O365 Integration app that you want to scope in.
Once you finish creating the group, you can enable IdP scoping in Vanta. When you toggle IdP scoping, you’ll have the option to select which group to scope by.
Once this feature is enabled, all user scope will be managed through the selected Azure group, and the scoping toggle in Vanta will be disabled. Vanta will update the scope status for IdP accounts on the next data fetch.
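Before enabling IdP scoping, it helps to check the directory against the rules above (Member vs. Guest user type, the "Vanta" group name prefix, and app assignment before group scoping). The following is an added example, not part of the original article or Vanta's tooling. It assumes the data has been exported in the shape of Microsoft Graph JSON; all users, groups, and ids are constructed, and the function names are hypothetical.

```python
# Constructed sample data shaped like Microsoft Graph JSON (users, groups,
# and the app's appRoleAssignedTo list). All names and ids are made up.
USERS = {
    "u1": {"userPrincipalName": "ana@example.com", "userType": "Member"},
    "u2": {"userPrincipalName": "bo@example.com", "userType": "Member"},
    "u3": {"userPrincipalName": "vendor_ext@example.com", "userType": "Guest"},
    "u4": {"userPrincipalName": "cy@example.com", "userType": "Member"},
}
GROUPS = {
    "g1": {"displayName": "Engineering", "members": ["u2", "u3"]},
    "g2": {"displayName": "Vanta Employees", "members": ["u1", "u2", "u4"]},
    "g3": {"displayName": "Scope - Vanta", "members": ["u1"]},
}
APP_ASSIGNMENTS = [  # principals assigned to "Vanta O365 Integration"
    {"principalType": "User", "principalId": "u1"},
    {"principalType": "Group", "principalId": "g1"},
]

def assigned_user_ids(assignments, groups):
    """Users assigned directly or as direct members of an assigned group."""
    ids = set()
    for a in assignments:
        if a["principalType"] == "User":
            ids.add(a["principalId"])
        elif a["principalType"] == "Group":
            ids.update(groups[a["principalId"]]["members"])
    return ids

def audit_scope(assignments, users, groups, scoping_group_id=None):
    """Return findings that would keep accounts from being scoped as intended."""
    assigned = assigned_user_ids(assignments, groups)
    findings = {"guest_will_not_sync": [], "bad_group_name": [], "member_not_assigned": []}
    for uid in sorted(assigned):
        if users[uid]["userType"] != "Member":
            findings["guest_will_not_sync"].append(users[uid]["userPrincipalName"])
    if scoping_group_id is not None:
        group = groups[scoping_group_id]
        # Assumption: the "starts with Vanta" rule is treated as case-sensitive.
        if not group["displayName"].startswith("Vanta"):
            findings["bad_group_name"].append(group["displayName"])
        for uid in sorted(set(group["members"]) - assigned):
            findings["member_not_assigned"].append(users[uid]["userPrincipalName"])
    return findings

if __name__ == "__main__":
    for gid in ("g2", "g3"):
        print(gid, audit_scope(APP_ASSIGNMENTS, USERS, GROUPS, gid))
```

Any entry under `member_not_assigned` is a user in the Workspace scoping group who has not yet been assigned to the Vanta app, which the steps above require first.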