GraphAPI integration

OutThink’s GraphAPI integration is readily available out of the box. Enabling is easy and straightforward: simply navigate to the Settings -> Integrations section.

To leverage the integration, administrators must first generate the necessary API keys in Microsoft GraphAPI and then integrate them into OutThink.

OutThink extracts 14 different insights and data-sets from GraphAPI. Each requires a specific level of permission granted in the GraphAPI API management for OutThink. To use all OutThink’s features, administrators must enable the appropriate permissions. These are listed below:

1. Employee avatars
   OutThink can collect employee avatar pictures and display them in the OutThink command center for easy visualization.
   Permission required: User.ReadBasic.All, User.Read.All
2. Identify managers
   OutThink can identify users who have employees reporting to them directly. Administrators can target managers with leadership training, and assess managers’ contribution to security culture.
   Permission required: RoleManagement.Read.Directory, Directory.Read.All
3. Line manager information
   OutThink can identify the line manager for each employee. This enables administrators to generate reports on specific teams and take appropriate escalation actions.
   Permission required: User.ReadBasic.All, User.Read.All
   
4. Working hours
   OutThink can correlate user activity in trainings and simulations with their working hours. This data greatly enriches reports on simulation performance.
   Permission required: MailboxSettings.Read
   
5. Out of office
   OutThink can correlate user activity in training and simulations with OOO status. The platform can analyze the contribution of OOO status to the number of compromised simulation users and adjust reports accordingly.
   Permission required: MailboxSettings.Read
   
6. Upcoming travel
   OutThink can identify users who are soon to travel, empowering administrators to manage this risk with relevant training and other measures.
   
7. Email fatigue
   OutThink can identify users facing very high levels of email communication. Administrators can provide relevant training on safe inbox management where it’s appropriate.
   Permission required: Mail.ReadBasic.All
   
8. Frequent cloud service users
   OutThink can identify the users who most frequently use cloud services, empowering administrators to manage this risk with relevant training and other measures.
   Permission required: AuditLog.Read.All, Directory.Read.All
   
9. Frequent social media users
   OutThink can identify the users who most frequently use social media, empowering administrators to manage this risk with relevant training and other measures.
   Permission required: Mail.ReadBasic.All
   
10. Device at risk
    OutThink can tag potentially high-risk users and their devices, empowering administrators to take immediate action.
    Permission required: DeviceManagementManagedDevices.Read.All
    
11. Elevated sign-in failures
    OutThink can identify users with a higher than normal authentication failure rate. By tagging them with “elevated sign-in failure,” the platform makes it easy for administrators to segment these users and support them with targeted training.
    Permission required: AuditLog.Read.All, Directory.Read.All
    
12. Remote work
    OutThink can identify users who frequently work in different locations, empowering administrators to manage this risk with relevant training and other measures.
    Permission required: AuditLog.Read.All, Directory.Read.All
    
13. Administrative role
    OutThink can identify users with administrative privileges and adjust their risk score based on their access level and behavior.
    Permission required: RoleManagement.Read.Directory, Directory.Read.All

How is the data used?

Segmentation capabilities
By ingesting GraphAPI data, OutThink’s segmentation engine is enriched, allowing more precise employee grouping for specific trainings or simulations. Below is a simple example using GraphAPI data in combination with data from a simulation campaign.

This rule captures all users who were compromised during a company-wide simulation campaign and also occupy an administrator role. This high-risk group can now be targeted with more robust training.

Human risk evaluation

Combining data from training, simulations, and third-party integrations hugely enriches employee risk-scoring. OutThink leverages specific GraphAPI data to assess and adjust the risk score of individual users. For instance, users experiencing email fatigue or using an at-risk device would be considered riskier than those who are not, assuming all other factors are equal.

By incorporating various data sources, OutThink can provide a more comprehensive and accurate assessment of an employee’s risk profile, enabling organizations to better address potential security threats.