Azure AD

How do I set up the integration for Phishing & Awareness Training with Azure AD?

I. Set up Azure AD tenant app

  1. Log in to your Azure AD account.
  2. Register a new app (from Azure AD tenant left menu > Choose App registrations).
  3. Select the option Accounts in this organizational directory only.
  4. Proceed to API Permissions in the left menu and click New Registration.
    • The value of the Application (client) ID from the newly created app will be required in Security Center.
  5. Proceed to grant API permissions
    • Click on the newly created app and then View API permissions
    • Click Add a permission -> Microsoft Graph -> Application permission
    • Add User.Read.All permission
    • Once added, select it and click on Grant admin consent
  6. Create client secrets:
    • From the left menu, choose Certificates & secrets
    • Proceed to click New client secret.
    • The value of the client secret will be required in Security Center.
    • NOTE: It is important to copy and save this value directly, as you will only have one chance of doing so.
  7. Additional API values for Security Center
    1. In Azure Active Directory > Overview, note down the value of Primary domain (it can be yourdomain.onmicrosoft.com or example.com, depending on how your Azure tenant is configured). The full value is required for the integration in Security Center.

II. Configure Azure AD integration in Security Center

  1. Log in to Security Center
  2. Click the menu in the top right corner
  3. Go to Integrations > Recipients.
    • In the Tenant domain field, provide the value of Azure tenant Primary domain (complete value).
    • In the Client ID field, provide the value of Application (client) ID.
    • In the Client secret field, provide the value of Client secret Value.
  4. To test connection (test authorization and required permission), click Establish connection (it may take up to 4 hours to grant app permissions).
  5. You should see a "Connected successfully!" message.
  6. If you do not achieve a successful connection, verify all values, including the tenant domain.
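
If the connection test keeps failing, or you want to confirm the app holds only the permission granted in section I, you can inspect an app-only token yourself. The following is an added example, not part of the vendor's documentation: it builds the standard Microsoft identity platform client-credentials request for the three values entered above and audits the roles claim of a token. The function names and the sample token are constructed for illustration; decoding is for inspection only and does not verify the signature.

```python
import base64
import json
from urllib.parse import urlencode

REQUIRED_ROLE = "User.Read.All"  # the only permission granted in section I

def build_token_request(tenant_domain, client_id, client_secret):
    """Return (url, form_body) for an OAuth 2.0 client-credentials request."""
    url = f"https://login.microsoftonline.com/{tenant_domain}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # read from a vault or prompt, never hardcode
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, body

def decode_claims(access_token):
    """Decode the JWT payload for inspection only (no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(claims):
    """Report whether the consented permission is present and what else is."""
    roles = set(claims.get("roles", []))  # claim is absent until consent applies
    return {
        "has_required": REQUIRED_ROLE in roles,
        "unexpected": sorted(roles - {REQUIRED_ROLE}),
    }

def make_sample_token(roles):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

if __name__ == "__main__":
    url, _ = build_token_request("example.com", "<client-id>", "<client-secret>")
    print("POST", url)
    # Constructed cases: correct grant, consent not yet applied, over-privileged app
    for roles in (["User.Read.All"], [], ["User.Read.All", "Directory.ReadWrite.All"]):
        print(roles, "->", audit_roles(decode_claims(make_sample_token(roles))))
```

An empty result for has_required usually means admin consent has not been granted or has not propagated yet; any entry under unexpected is a permission the integration does not need and can be removed from the app registration.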

III. Sync users

  1. Log in to Security Center
  2. Go to Phishing & Awareness Training > RECIPIENTS > RECIPIENTS
  3. Click +Add recipients and then Azure AD
  4. Configure import options and click Import
  5. You should see a message like Synced phishing recipients (X created / Y updated).