Vanta's Office integration enables you to control which employees should be automatically marked in and out of scope in Vanta by creating and managing the "Vanta O365 Integration" app assignments within Azure.

 Be sure to consult with Support and your auditor to validate the set of accounts that should and should not be managed by Vanta.

Prerequisites 

• A minimum Microsoft 365 Business Standard + Azure AD Premium P1 subscription is required (see Vanta Integrations that may Require a Premium Service)
• 'Global Administrator' role in Microsoft Office365. 

Configure Office

• Login to Azure and navigate to the Enterprise applications page to find the "Vanta O365 Integration" app:

• Assign the Vanta O365 Integration app in Azure to the desired employees or groups:

Validate account assignments

• Verify that the list of employees and groups that are assigned to the Vanta app reflects your desired scoping preferences. 
  • Vanta recommends creating an automated provisioning process to assign the Vanta app to new employees or at least ensuring that you have developed a process.

Enable the feature in Vanta

• Open the Integrations page and find the Office 365 integration
• Select Manage
• Select Configure Scope 

• Enable the IdP scoping toggle

• Once this feature is enabled, all user scope will be managed through Azure, and the scoping toggle in Vanta will be disabled. Vanta will update the scope status for IdP accounts on the next data fetch, which happens hourly. 

Using Office for Workspaces

If you are using Vanta Workspaces, you can choose to scope in different sets of users for each Workspace by creating groups.

• Login to Azure and navigate to Enterprise applications.
• Click on Vanta O365 Integration and view the employees listed in Users and groups. The employees must first be assigned to the Vanta app to use the group scoping feature.
• Then, navigate to Azure Active Directory > Groups in the sidebar.
• Create a group that you will use to scope users in and out of Vanta by clicking New group. The name needs to start with Vanta followed by any text, i.e. Vanta Employees. 
• Assign the group to the subset of employees and groups in the Vanta O365 Integration app that you want to scope in. 

Once you finish creating the group, you can enable IdP scoping in Vanta. When you toggle IdP scoping, you’ll have the option to select what group to scope by.

Once this feature is enabled, all user scope will be managed through the selected Azure group, and the scoping toggle in Vanta will be disabled. Vanta will update the scope status for IdP accounts on the next data fetch, which happens hourly.