Azure AD

How do I set up the integration with Azure AD?

To use the Azure integration to import recipients, follow the steps in this article.

Integration limitation

The current iteration of this integration allows users to be gathered from an AD and imported as recipients into the Security Center. This means that the integration does not sync the users between systems regularly.

Set up Azure AD tenant app

  1. Log in to your Azure AD account
  2. Register a new app (from Azure AD tenant left menu > Choose App registrations)
  3. Select the option Accounts in this organizational directory only. 
  4. Proceed to API Permissions in the left menu and click New Registration.
    • The value of the Application (client) ID from the newly created app will be required in Security Center.
  5. Proceed to grant API permissions
    • Click on the newly created app and then View API permissions
    • Click Add a permission -> Microsoft Graph -> Application permission
    • Add User.Read.All permission
    • Once added, select it and click on Grant admin consent
  6. Create client secrets:
    • From the left menu, choose Certificates & secrets
    • Proceed to click New client secret.
    • The value of the client secret will be required in Security Center.
    • NOTE: It is important to copy and save this value directly, as you will only have one chance of doing so.
  7. Additional API values for Security Center
    1. In Azure Active Directory > Overview, note down the value of Primary domain (it can be yourdomain.onmicrosoft.com or example.com, depending on how your Azure tenant is configured). The full value is required for the integration in Security Center.

Configure Azure AD integration in Security Center

  1. Log in to Security Center
  2. Click the menu in the top right corner
  3. Go to Integrations > Recipients.
    • In the Tenant domain field, provide the value of Azure tenant Primary domain (complete value).
    • In the Client ID field, provide the value of Application (client) ID
    • In the Client secret field, provide the value of Client secret Value
  4. To test the connection (authorization and the required permission), click Establish connection (it may take up to 4 hours to grant app permissions).
  5. You should see a "Connected successfully!" message.
  6. If you fail to connect successfully, verify all values, including the tenant domain.
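
To check the tenant domain, client ID and client secret outside Security Center, the added example below (not part of the vendor's product or documentation) requests a Microsoft Graph token with the client-credentials flow and compares the token's roles claim, where granted application permissions appear, against User.Read.All. The environment variable names and the sample_token helper are assumptions made for this example; sample tokens are constructed.

```python
import base64, json, os
import urllib.parse, urllib.request

REQUIRED = {"User.Read.All"}  # the only application permission the article grants


def token_request(tenant_domain, client_id, client_secret):
    """Client-credentials request to the Microsoft identity platform token endpoint."""
    url = ("https://login.microsoftonline.com/"
           + urllib.parse.quote(tenant_domain, safe="") + "/oauth2/v2.0/token")
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                  method="POST")


def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_roles(access_token):
    """Compare granted application permissions (the 'roles' claim) with REQUIRED."""
    granted = set(token_claims(access_token).get("roles", []))
    return {"missing": sorted(REQUIRED - granted),   # consent not granted (yet)
            "extra": sorted(granted - REQUIRED)}     # more privilege than needed


def sample_token(roles):
    """Constructed, unsigned JWT-shaped string for offline testing only."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    # Hypothetical environment variable names; the secret is never hard-coded.
    req = token_request(os.environ["AZ_TENANT_DOMAIN"], os.environ["AZ_CLIENT_ID"],
                        os.environ["AZ_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=15) as resp:
        print(audit_roles(json.load(resp)["access_token"]))
```

A non-empty "missing" list means admin consent has not taken effect; a non-empty "extra" list means the app registration holds more Graph permissions than this import needs.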

Import users

  1. Log in to Security Center
  2. Go to Phishing & Awareness Training > RECIPIENTS > RECIPIENTS
  3. Click +Add recipients and then Azure AD
  4. Configure import options and click Import
  5. You should see a message like Synced phishing recipients (X created / Y updated).