Seqrite XDR

Azure AD Connector

Print Friendly, PDF & Email
  • Azure AD Connector Requirement.

  1. Sign in to the Microsoft Entra admin center.

  2. Browse to Identity > Applications > App registrations and select New registration.

  3. Enter a display Name for your application. Users of your application might see the display name when they use the app, for example during sign-in. You can change the display name at any time and multiple app registrations can share the same name. The app registration’s automatically generated Application (client) ID, not its display name, uniquely identifies your app within the identity platform.

  4. Select the Supported account types as Accounts in this organizational directory only (<Tenant Name/domain> only – Single tenant).

  5. Don’t enter anything for Redirect URI (optional).

  6. Select Register to complete the initial app registration.

  7. Once the registration finishes, the Microsoft Entra admin center displays the app registration’s Overview pane. You see the Application (client) ID. Also called the client ID.

  8. Also, you see the Client credentials, Select the Add certificate or secret > New client secret (or If using already registered, then select your application. Then Select Certificates & secrets > Client secrets > New client secret).

  9. Add a description for your client secret.

  10. Select an expiration for the secret or specify a custom lifetime. Client secret lifetime is limited to two years (24 months) or less. You can’t specify a custom lifetime longer than 24 months.

  11. Select Add.

  12. Record the secret’s value for use in your client application code. This secret value is never displayed again after you leave this page.

  13. Add permission to access Mail and User API,

    1. Select API permissions > Add a permission > Microsoft APIs. Select Microsoft Graph and then, Application permissions.
    2. Under Select permissions, Search for User, and Select User.Read, User.Read.All, User.ReadWrite.All.

  14. Select API permissions > Add a permission > Microsoft APIs. Select Microsoft Graph and then, Application permissions.

  15. Under Select Permissions, Search for Audit, and Select AuditLog.Read.All

  16. Rolling Window Login Anomaly – Number of Days to be consider for User Login Attempts to Identify the mean of User Login Time. (For Example: Rolling Window Login Anomaly as 5).

  17. Threshold Login Anomaly – Threshold in hours to detect the Login Anomalies based on the mean of Successful Login time. (For Example: If threshold as 2 hours. Then, if user mean login time is 9 AM and current login time is 11 AM. Then this will be not an anomaly. And If current login time of the user is 12 PM, then this will be detected as anomaly.)

  18. Rolling Window Location Anomaly – To Check the number of location for detecting anomalies. (For Example: Rolling Window Location Anomaly as 3. This means Last 3 locations.)

  19. Time Interval and Threshold: Suppose Time Interval as 5 minutes and Threshold as 3, then if an user in 5 minutes attempts an 3 failure login attempts, then 1 alert will be generate.

  • Configuration of Azure AD Connector.

  1. Under the connector, go to Ingestion.

  2. Select the Azure AD Connector, then click on configure the connector.

  3. Enter the Client Domain (Ex. quickheal.com), Client Id, Client Secret, Time Interval (in mins), Threshold Login Anomaly (in hrs), Rolling Window Login Anomaly (in days), Rolling Window Location Anomaly (Number of Location), and Failure Attempt Threshold (in numbers).

  4. Select the Validate and Save.

Was this page helpful?
Yes No