
Azure App Registration

Step-by-step guide to creating an Azure App Registration that allows TrustCyber to connect to your Microsoft 365 tenant and read security posture data through the Microsoft Graph API.

Note: You must be a Global Administrator or Privileged Role Administrator in your Azure Active Directory tenant to create an App Registration and grant admin consent for the required permissions.

What Is an Azure App Registration?

An Azure App Registration is a security principal in Azure Active Directory (Azure AD) that represents an application — in this case, TrustCyber. It defines what the application can access and how it authenticates. TrustCyber uses an App Registration to authenticate with the Microsoft Graph API and read your organization's security posture data using read-only permissions.

Step 1: Create the App Registration

  • Sign in to the Azure portal at portal.azure.com with a Global Administrator account.
  • Navigate to Azure Active Directory → App Registrations.
  • Click New Registration.
  • Enter a name for the application, such as TrustCyber Security Scanner.
  • Under Supported account types, select Accounts in this organizational directory only.
  • Leave the Redirect URI blank for now.
  • Click Register.

After registration, you will see the application's Overview page. Note the Application (Client) ID and Directory (Tenant) ID — you will need both values when connecting TrustCyber to your tenant.

Step 2: Create a Client Secret

  • In your App Registration, navigate to Certificates & Secrets.
  • Click New Client Secret.
  • Enter a description such as TrustCyber API Key.
  • Set the expiration to 24 months (recommended).
  • Click Add.
  • Copy the secret Value immediately — it will not be shown again after you leave this page.

Important: The client secret value is only shown once. If you navigate away without copying it, you will need to create a new secret. Store the secret securely: do not commit it to source control or share it in plain text.

Step 3: Grant Microsoft Graph Permissions

TrustCyber requires the following Microsoft Graph application permissions. These are read-only permissions — TrustCyber cannot modify any data in your Microsoft 365 environment.

Permission | Type | Justification
SecurityEvents.Read.All | Application | Read security alerts from Microsoft Defender and Sentinel
Policy.Read.All | Application | Read conditional access policies and MFA enforcement settings
Reports.Read.All | Application | Read Microsoft 365 security and compliance reports
Directory.Read.All | Application | Read user accounts, groups, and directory objects
AuditLog.Read.All | Application | Read Azure AD sign-in and audit logs
IdentityRiskyUser.Read.All | Application | Read risky user detections from Azure AD Identity Protection
DeviceManagementConfiguration.Read.All | Application | Read Intune device compliance policies

  • In your App Registration, navigate to API Permissions.
  • Click Add a Permission → Microsoft Graph → Application Permissions.
  • Search for and select each permission listed above.
  • Click Add Permissions.
  • Click Grant Admin Consent for [Your Organization] and confirm.
  • All permissions should now show a green checkmark under Status.

Step 4: Enter Credentials in TrustCyber

Once the App Registration is configured, return to TrustCyber and navigate to Settings → Microsoft 365 Connection. Enter the following values from your Azure App Registration:

TrustCyber Field | Azure Portal Value
Tenant ID | Directory (Tenant) ID from App Registration Overview
Client ID | Application (Client) ID from App Registration Overview
Client Secret | Secret Value from Certificates & Secrets

Step 5: Verify the Connection

After saving your credentials, TrustCyber will perform a connection test by making a test call to the Microsoft Graph API. If the connection is successful, you will see a green Connected status in Settings → Microsoft 365 Connection. If the connection fails, verify that admin consent was granted and that the client secret has not expired.
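
To confirm that admin consent took effect and that the app holds nothing beyond the Step 3 list, the following added example (not TrustCyber's or Microsoft's code) decodes the roles claim of an app-only access token and compares it with that list. It assumes the token was issued to this App Registration for Microsoft Graph and that granted application permissions appear in the roles claim; the function names and the unsigned sample token are constructed for illustration.

```python
import base64
import json

# Application permissions the guide lists in Step 3.
EXPECTED = {
    "SecurityEvents.Read.All", "Policy.Read.All", "Reports.Read.All",
    "Directory.Read.All", "AuditLog.Read.All", "IdentityRiskyUser.Read.All",
    "DeviceManagementConfiguration.Read.All",
}

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.
    Inspection only: never base an authorization decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    return json.loads(b64url_decode(parts[1]))

def audit_roles(token: str) -> dict:
    """Compare the token's roles claim with the guide's permission list."""
    roles = set(token_claims(token).get("roles", []))
    extra = roles - EXPECTED
    return {
        "missing": sorted(EXPECTED - roles),  # not added, or admin consent not granted
        "extra": sorted(extra),               # granted beyond what the guide asks for
        # Name-based heuristic: no "Read" segment suggests write or wider access.
        "not_read_only": sorted(r for r in extra if "Read" not in r.split(".")),
    }

def make_sample_token(roles: list) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    sample = make_sample_token(sorted(EXPECTED - {"AuditLog.Read.All"}) + ["Mail.ReadWrite"])
    print(audit_roles(sample))
```

An empty "missing" list with empty "extra" means the token carries exactly the seven permissions from Step 3; anything under "extra" should be removed from API Permissions.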

Note: TrustCyber refreshes your security data every 24 hours. You can also trigger a manual refresh from the Dashboard by clicking Refresh Data.

Security Considerations

  • All permissions are read-only. TrustCyber cannot create, modify, or delete any data in your Microsoft 365 environment.
  • Client secrets are encrypted at rest using AES-256 and are never stored in plain text.
  • TrustCyber does not store raw Microsoft Graph API responses — only the derived security metrics and findings.
  • You can revoke TrustCyber's access at any time by deleting the App Registration or removing the client secret from Azure AD.
  • TrustCyber is SOC 2 Type II certified. See the Security & Privacy section for full details.