Microsoft Azure Integration

Article summary

Did you find this summary helpful?

Thank you for your feedback

The Security Manager Microsoft Azure Integration monitors Microsoft Entra ID logs and Microsoft Defender alerts to provide the Microsoft Azure Alerts

Prerequisites

In the Microsoft Azure portal go to the Microsoft Entra ID service and create a new registration in the App Registrations section by clicking the + New Registration button. Fill in the name, support action types, and optional redirect URI.
Set API permissions in the API Permissions section by clicking the + Add a permission button. Ensure the following permissions are set at the application level:
- Microsoft Entra ID
  - IdentityRiskEvent.Read.All
  - IdentityRiskyUser.Read.All
  - IdentityRiskyServicePrincipal.ReadWrite.All
  - AuditLog.Read.All
- Microsoft Defender
  - SecurityAlert.ReadWrite.All
  - SecurityIncident.ReadWrite.All
  - Event.Write
  - File.Read.All
  - Machine.Isolate
  - Machine.ReadWrite.All
- Microsoft Intune
  - DeviceManagementConfiguration.Read.All
  - DeviceManagementApps.Read.All
  - DeviceManagementManagedDevices.Read.All
  - CloudPC.Read.All
  - Device.Read.All
  - DeviceManagementServiceConfig.Read.All
  - DeviceManagementRBAC.Read.All
  - Policy.Read.All
  - RoleManagement.Read.All
Grant the API permissions Admin consent to have them take effect.
Create the Application (client) secret in the Certificates & secrets section by clicking the + New client secret and copy the secret value.
- Note that the secret value is unrecoverable after this step so ensure you have copied it temporarily.
- The Value is needed, not the Secret ID.
In the Azure AD overview section, copy the Application (client) ID and Directory (tenant) ID.

Was this article helpful?

Table of contents