baton-ms365 is a connector for MS365 built using the Baton SDK. It works with the Microsoft Graph API.
Check out Baton to learn more about the project in general.
The connector uses the OAuth 2.0 client credentials flow. As described here, the connector exchanges a client ID and client secret (or certificate) for an access token. To obtain these credentials, you have to register an app as described in this tutorial. You can decide whether to use a client secret or a certificate.
After you have obtained the client ID and secret, you can use them with the connector by setting the BATON_MS365_CLIENT_ID and BATON_MS365_CLIENT_SECRET (or BATON_MS365_CLIENT_CERTIFICATE_PATH) environment variables, or by passing them as flags to the baton-ms365 command. You also have to set BATON_MS365_TENANT_ID.
- User.Read.All
- Group.ReadWrite.All (could be just read if provisioning is not used)
- RoleManagement.ReadWrite.All (could be just read if provisioning is not used)
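A check for the list above, as an added example that is not part of the connector's code: the app-only access token returned by the client credentials flow carries the granted application permissions in its `roles` claim, so decoding the payload shows which grants are missing and which go beyond what the connector needs. The read-only names `Group.Read.All` and `RoleManagement.Read.All`, the function names, and the sample token are assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Permissions from the README; the read-only names (provisioning off) are an assumption.
var wantRoles = map[bool][]string{
	true:  {"User.Read.All", "Group.ReadWrite.All", "RoleManagement.ReadWrite.All"},
	false: {"User.Read.All", "Group.Read.All", "RoleManagement.Read.All"},
}

// diff returns the entries of a that are absent from b, in a's order.
func diff(a, b []string) (out []string) {
	in := map[string]bool{}
	for _, s := range b {
		in[s] = true
	}
	for _, s := range a {
		if !in[s] {
			out = append(out, s)
		}
	}
	return out
}

// AuditRoles compares the "roles" claim, decoded without signature verification, with wantRoles.
func AuditRoles(token string, provisioning bool) (missing, excess []string, err error) {
	var claims struct{ Roles []string `json:"roles"` }
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, nil, fmt.Errorf("not a three-part JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, nil, fmt.Errorf("undecodable token payload")
	}
	return diff(wantRoles[provisioning], claims.Roles), diff(claims.Roles, wantRoles[provisioning]), nil
}

// SampleToken builds a constructed, unsigned token so the example runs offline.
func SampleToken(roles ...string) string {
	body, _ := json.Marshal(map[string][]string{"roles": roles})
	return "e30." + base64.RawURLEncoding.EncodeToString(body) + ".sig"
}

func main() { fmt.Println(AuditRoles(SampleToken("User.Read.All", "Group.ReadWrite.All"), false)) }
```

A write permission granted where read would do appears in both lists: the read variant as missing and the write variant as excess.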
brew install conductorone/baton/baton conductorone/baton/baton-ms365
BATON_MS365_TENANT_ID=uuid BATON_MS365_CLIENT_ID=another-uuid BATON_MS365_CLIENT_SECRET=secret baton-ms365
baton resources
docker run --rm -v $(pwd):/out -e BATON_MS365_TENANT_ID=uuid -e BATON_MS365_CLIENT_ID=another-uuid -e BATON_MS365_CLIENT_SECRET=secret ghcr.io/conductorone/baton-ms365:latest -f "/out/sync.c1z"
docker run --rm -v $(pwd):/out ghcr.io/conductorone/baton:latest -f "/out/sync.c1z" resources
go install github.com/conductorone/baton/cmd/baton@main
go install github.com/conductorone/baton-ms365/cmd/baton-ms365@main
BATON_MS365_TENANT_ID=uuid BATON_MS365_CLIENT_ID=another-uuid BATON_MS365_CLIENT_SECRET=secret baton-ms365
baton resources
baton-ms365 will fetch information about the following MS365 resources:
- Users
- Groups
- Roles
We started Baton because we were tired of taking screenshots and manually building spreadsheets. We welcome contributions and ideas, no matter how small -- our goal is to make identity and permissions sprawl less painful for everyone. If you have questions, problems, or ideas, please open a GitHub issue!
See CONTRIBUTING.md for more details.
baton-ms365
Usage:
baton-ms365 [flags]
baton-ms365 [command]
Available Commands:
capabilities Get connector capabilities
completion Generate the autocompletion script for the specified shell
help Help about any command
Flags:
--client-id string The client ID used to authenticate with ConductorOne ($BATON_CLIENT_ID)
--client-secret string The client secret used to authenticate with ConductorOne ($BATON_CLIENT_SECRET)
-f, --file string The path to the c1z file to sync with ($BATON_FILE) (default "sync.c1z")
-h, --help help for baton-ms365
--log-format string The output format for logs: json, console ($BATON_LOG_FORMAT) (default "json")
--log-level string The log level: debug, info, warn, error ($BATON_LOG_LEVEL) (default "info")
--ms365-client-certificate-path string Path to client certificate file
--ms365-client-id string Client ID
--ms365-client-secret string Client Secret
--ms365-tenant-id string Tenant ID
-p, --provisioning This must be set in order for provisioning actions to be enabled. ($BATON_PROVISIONING)
-v, --version version for baton-ms365
Use "baton-ms365 [command] --help" for more information about a command.