Microsoft Azure Integration

The Security Manager Microsoft Azure Integration monitors Microsoft Entra ID logs and Microsoft Defender alerts to provide the Microsoft Azure Alerts

Prerequisites

• A Microsoft Azure Global Administrator Account

• A Microsoft A1, A2, or A3 license

• A Microsoft P2 license. Adds additional features and detections (Optional)

• A subscription for Microsoft Defender (Optional)

Integration Setup

Registering an Application for Microsoft Entra ID, and Microsoft Defender

1. In the Microsoft Azure portal go to the Microsoft Entra ID service and create a new registration in the App Registrations section by clicking the + New Registration button. Fill in the name, support action types, and optional redirect URI.

   

2. Set API permissions in the API Permissions section by clicking the + Add a permission button. Ensure the following permissions are set at the application level:

   • Microsoft Entra ID

     • IdentityRiskEvent.Read.All

     • IdentityRiskyUser.Read.All

     • IdentityRiskyServicePrincipal.ReadWrite.All

     • AuditLog.Read.All

   • Microsoft Defender

     • SecurityAlert.ReadWrite.All for Application

     • SecurityIncident.ReadWrite.All for Application

3. Grant the API permissions Admin consent to have them take effect.

4. Create the Application (client) secret in the Certificates & secrets section by clicking the + New client secret and copy the secret value.

   • Note that the secret value is unrecoverable after this step so ensure you have copied it temporarily.

   • The Value is needed, not the Secret ID.

     

5. In the Azure AD overview section, copy the Application (client) ID and Directory (tenant) ID.