How do I set up integration for PAT with Azure AD?

I. Setup Azure AD tenant app

  1. Login to your Azure AD account
  2. Register new app (from Azure AD tenant left menu > Choose App registrations)
  3. Select the option Accounts in this organizational directory only. 
  4. Proceed to API Permissions in the left menu and click New registration.
    • The value of Application (client) ID from the newly created app will be required in Security Center.
  5. Proceed to grant API permissions
    • Click on the newly created app and then View API permissions
    • Click Add a permission-> Microsoft Graph -> Application permissionimage__14_.png
    • Add  User.Read.All permission
    • Once added, select it and click on Grant admin consent
  6. Create client secrets:
    • From left menu choose Certificates & secrets
    • Proceed to click New client secret.
    • The value of the client secret will be required in Security Center
    • NOTE: It is important to copy and save this value directly as you will only have once chance of doing so.
  7. Additional API values for Security Center
    1. In Azure Active Directory > Overview, note down the value of Primary domain(can be yourdomain.onmicrosoft.com or example.com, depending on how your Azure tenant is configured). The full value is required for the integration in Security Center

II. Config Azure AD integration in Security Center

  1. Login to Security Center
  2. Click the Menu in the typ right corner
  3. Go to Integrations > Recipients.
    • In Tenant domain field provide value of Azure tenant Primary domain (complete value).
    • In Client ID field provide value of Application (client) ID
    • In Client secret field provide value of Client secret Value
  4. To test connection (test authorization and required permission) click Establish connection (it may take up to 4 hours to grant app permissions).
  5. You should see Connected successfully! message.
  6. If you do not achieve a successful connection, verify all values including the tenant domain.

III. Sync users

  1. Login to Security Center
  2. Go to Phishing & Awareness Training > RECIPIENTS > RECIPIENTS
  3. Click +Add recipients and then Azure AD
  4. Configure import options and click Import
  5. You should see message like Synced phishing recipients (X created / Y updated).
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.