Cyber Security

Office365 & Azure Scanning


Nessus can scan Office 365 and Azure tenancies against a known baseline. However, due to a lack of good documentation, setting up the credentials was tricky, and resolving the errors below was even trickier.

  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "7b4216bf-329b-42b7-9b03-bb441697d814",
      "date": "2019-11-25T10:41:46"

Fortunately, the people over at Astrix found the solution and wrote a great guide. To preserve this guide and update it as necessary, I have included it below:

Step 1 – Create Azure user Account

At, create a simple user account for Nessus. No administrative roles are required.

Make a note of the username and password.

Step 2 – Create an Azure Registered App

At, select New registration → enter a name such as Nessus → select Register.

In Overview, make a note of the Application (client) ID.

Step 3 – Generate the Azure App Client Secret

In Certificates & secrets, select New client secret → enter a name such as Nessus - <hostname> → select Add.

Make a note of the value.

Step 4 – Grant Azure App Admin Roles

Using a Microsoft web browser (yes, really), browse to either or then install the Exchange Online PowerShell Module.

Once the Exchange Online PowerShell Module is installed, open it and execute the following commands:


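# Sign in to Azure AD first; the Msol cmdlets below fail without a connected session.
Connect-MsolService;

# Display name of the app registered in Step 2.
$displayName = "<Azure registered app name>";

# Look up the app's service principal and take its object ID.
$objectId = (Get-MsolServicePrincipal -SearchString $displayName).ObjectId;

# "Company Administrator" is the MSOnline name for the Global Administrator role.
$roleName_companyAdmin = "Company Administrator";

Add-MsolRoleMember -RoleName $roleName_companyAdmin -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId;

# "User Account Administrator" is the MSOnline name for the User Administrator role.
$roleName_userAdmin = "User Account Administrator";

Add-MsolRoleMember -RoleName $roleName_userAdmin -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId;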

Step 5 – Configure the Scan

Create an Audit Cloud Infrastructure compliance scan and configure it with the Office 365 credentials that you generated in the previous steps.
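
Before running the scan, it helps to confirm that the Step 4 role grants actually landed on the right service principal and to see every directory role the app now holds. The following check is an added example, not part of the original guide; it assumes the MSOnline module is installed and uses the same placeholder app name as Step 4.

```powershell
# Added example, not from the original guide. Assumes the MSOnline module is
# installed and the signed-in account can read directory roles.
$displayName   = "<Azure registered app name>"   # placeholder, as in Step 4
$expectedRoles = @("Company Administrator", "User Account Administrator")

Connect-MsolService

# -SearchString may return more than one service principal, so keep only
# an exact display-name match and stop if it is not unique.
$candidates = @(Get-MsolServicePrincipal -SearchString $displayName |
    Where-Object { $_.DisplayName -eq $displayName })
if ($candidates.Count -ne 1) {
    throw "Expected one service principal named '$displayName', found $($candidates.Count)."
}
$sp = $candidates[0]

# Collect the name of every directory role that lists this service principal.
$heldRoles = @(foreach ($role in Get-MsolRole) {
    $isMember = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
        Where-Object { $_.ObjectId -eq $sp.ObjectId }
    if ($isMember) { $role.Name }
})

# Missing: roles from Step 4 that were not applied.
# Unexpected: roles the app holds beyond what Step 4 grants.
$missing    = @($expectedRoles | Where-Object { $_ -notin $heldRoles })
$unexpected = @($heldRoles | Where-Object { $_ -notin $expectedRoles })

[pscustomobject]@{
    ServicePrincipal = $sp.DisplayName
    ObjectId         = $sp.ObjectId
    HeldRoles        = $heldRoles -join ", "
    MissingRoles     = $missing -join ", "
    UnexpectedRoles  = $unexpected -join ", "
} | Format-List

if ($missing.Count -gt 0) {
    Write-Warning "Step 4 is incomplete: $($missing -join ', ')"
}
```

An empty MissingRoles line means both Step 4 grants are in place; anything listed under UnexpectedRoles is privilege the scan app holds beyond what this guide assigns.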