Application Authorization

Authorize Lockstep to perform comprehensive security assessments on your Microsoft 365 environment.

Authorization Overview

This authorization grants Lockstep read-only access to your Microsoft 365 environment to perform security assessments using the Maester framework. All permissions are application-level and require Global Administrator consent.

Required: You must be a Global Administrator in your tenant to grant these permissions.

Permissions Requested

The following read-only application permissions will be granted:

Directory & Users

Directory.Read.All - Read directory data, users, and groups

Security Policies

Policy.Read.All - Read all organization policies

Conditional Access

Policy.Read.ConditionalAccess - Read Conditional Access policies

Authentication Methods

UserAuthenticationMethod.Read.All - Read user authentication methods

Reports & Analytics

Reports.Read.All - Read usage reports and analytics

Security Events

IdentityRiskEvent.Read.All - Read identity risk events and security data

Device Management

DeviceManagementConfiguration.Read.All - Read Intune device configurations

SharePoint Settings

SharePointTenantSettings.Read.All - Read SharePoint tenant settings

READ-ONLY ACCESS

All permissions are read-only. No modifications can be made to your tenant configuration.

You will be redirected to Microsoft's secure authentication page to review and approve these permissions.

Additional Information

What is Maester?

Maester is an enterprise security assessment framework that evaluates Microsoft 365 environments against industry best practices, compliance standards, and security benchmarks including CISA guidelines.

Can Lockstep modify my tenant configuration?

No. All requested permissions are read-only application permissions. Lockstep can only view your configuration and security settings, not modify them.

How do I revoke access?

Access can be revoked at any time through Azure Portal → Enterprise Applications → "Lockstep Maester Security Assessment" → Delete. Alternatively, contact your Lockstep representative.

What happens after authorization?

A Service Principal will be created in your tenant. You will need to provide your Tenant ID to Lockstep to complete the onboarding process. Security assessments can then be scheduled and executed.
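
Once the Service Principal exists, the application permissions actually granted to it can be compared with the eight listed above. The following is an added example, not code from Lockstep or the Maester project. It assumes you have exported the Service Principal's appRoleAssignments and the resource's appRoles from Microsoft Graph as JSON; the GUIDs and sample records are constructed, and the ".Read." test is a naming-convention heuristic.

```python
import json

# Allow-list: the eight application permissions named on this page.
EXPECTED = {
    "Directory.Read.All", "Policy.Read.All", "Policy.Read.ConditionalAccess",
    "UserAuthenticationMethod.Read.All", "Reports.Read.All",
    "IdentityRiskEvent.Read.All", "DeviceManagementConfiguration.Read.All",
    "SharePointTenantSettings.Read.All",
}

# Constructed sample data (GUIDs are made up). Shape follows Microsoft Graph:
# appRoles of the resource service principal, and the appRoleAssignments of
# the service principal created by the consent.
RESOURCE_APP_ROLES = json.loads("""[
  {"id": "00000000-0000-0000-0000-000000000001", "value": "Directory.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000002", "value": "Policy.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000003", "value": "Reports.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000009", "value": "Directory.ReadWrite.All"}
]""")
ASSIGNMENTS = json.loads("""[
  {"appRoleId": "00000000-0000-0000-0000-000000000001"},
  {"appRoleId": "00000000-0000-0000-0000-000000000002"},
  {"appRoleId": "00000000-0000-0000-0000-000000000009"},
  {"appRoleId": "00000000-0000-0000-0000-0000000000ff"}
]""")

def audit_grant(assignments, app_roles, expected=EXPECTED):
    """Resolve assigned role ids to names and compare with the allow-list."""
    names = {r["id"].lower(): r["value"] for r in app_roles}
    granted, unresolved = set(), []
    for a in assignments:
        rid = a["appRoleId"].lower()
        if rid in names:
            granted.add(names[rid])
        else:
            unresolved.append(rid)  # id not defined by this resource: review manually
    return {
        "unexpected": sorted(granted - expected),  # granted but not on the page
        "missing": sorted(expected - granted),     # on the page but not granted
        # Heuristic only: flags names that do not follow the *.Read.* convention.
        "not_read_only": sorted(n for n in granted if ".Read." not in n),
        "unresolved_ids": unresolved,
    }

if __name__ == "__main__":
    print(json.dumps(audit_grant(ASSIGNMENTS, RESOURCE_APP_ROLES), indent=2))
```

An empty "unexpected" list is the result that matches this page; any entry there, or in "unresolved_ids", is a grant the page does not describe.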