1Security

Integrations & Modules

Expand 1Security's capabilities through modular integrations while maintaining the principle of least privilege.

1Security is built from the ground up around the Principle of Least Privilege. By default, the platform operates entirely as a read-only visibility module, requiring only the minimum Microsoft 365 permissions necessary to map your environment.

You can optionally extend 1Security with additional capabilities through specific modules. This architecture ensures you only grant expanded permissions—especially write access or access to communication data—when you explicitly need those features.

Core Visibility (Default)

The base installation of 1Security provides complete operational visibility into your Microsoft 365 tenant without requiring any write permissions.

  • Permission Graph: A fully interactive tenant map of users, groups, applications, and resources.
  • Activity & Risk Monitoring: Out-of-the-box tracking of unified audit logs and basic risk scorings.
  • Built-in Sensitivity: 1Security's proprietary text-extraction and OCR engine securely scans file contents for sensitive patterns without requiring Purview or Exchange access.

Extension Modules

When you are ready to expand your workflow, you can enable the following extension modules from the Settings → Integrations dashboard. Each module requests a localized set of new permissions.

1. Sensitivity (1Security Engine + Microsoft Purview)

1Security includes a powerful, built-in sensitivity scanning engine that automatically identifies and classifies sensitive data across your Microsoft 365 environment. Using a combination of text extraction, OCR for images, and pattern matching, it detects over 300 types of sensitive information—all without requiring advanced Microsoft licenses.

Enabling this extension module expands these built-in capabilities by integrating directly with Microsoft Purview Information Protection.

  • Why it requires an extension: Requires explicit permissions to read your tenant's Purview configuration and sensitivity labels.
  • Benefits: Merges Microsoft Purview's native labeling system with 1Security's independent algorithmic scanning. This provides a powerful hybrid classification layer, allowing you to utilize your custom Purview labels alongside 1Security's findings, even if you don't have Purview autodiscovery licensed.

2. Email (Microsoft Exchange)

Expands the platform to analyze email traffic and individual mailbox contents.

  • Why it requires an extension: Requires explicit read access to Exchange mailbox contents, email bodies, and attachments.
  • Benefits: Detects sensitive data shared via email, analyzes attachments in transit, and seamlessly maps complex email activities (like forwarding sensitive data externally) into the interactive permission graph.

3. Automations

Unlocks active remediation capabilities, transforming 1Security from an auditing platform into a security orchestrator.

  • Why it requires an extension: This is the only module that requires Write permissions in your Microsoft 365 tenant.
  • Benefits: Enables you to manage permissions at scale. You can create rules to instantly revoke stale external access, expire widely-shared sensitive links, remove overprivileged Copilot agents, and automatically remediate permission sprawl across thousands of files simultaneously.

Connecting Tenants

Connect additional Microsoft 365 tenants and troubleshoot connection issues.

Permission Graph

Learn how 1Security's permission graph provides a fully interactive tenant map for intuitive audits.

On this page

Core Visibility (Default)Extension Modules1. Sensitivity (1Security Engine + Microsoft Purview)2. Email (Microsoft Exchange)3. Automations