Azure AD Configuration Requirements and Setup
By following these steps, you can successfully configure the Azure AD Connector to forward events to your specified machine.
AD Ingestion Connector Requirements.
- Navigate to the Microsoft Entra Admin Center and log in using your credentials.
- Navigate to Identity > Applications > App registrations, and select New registration to create a new application registration.
- Configure Application Display Name
- Provide a Display Name for the application. This name may be visible to users during app interactions, such as sign-in.
- Note that the Display Name is editable at any time and can be shared across multiple app registrations.
- The app's unique identifier is its automatically generated Application (client) ID, not the Display Name.
- Choose Supported account types as Accounts in this organizational directory (<Tenant Name/domain> only – Single tenant).
- Leave the Redirect URI (optional) field blank.
- Select Register to complete the initial app registration.
- Once the registration process is complete, the Microsoft Entra admin center will display the Overview pane for the app registration. In this pane, you will see the Application (client) ID, which is also known as the client ID.
- Additionally, you will see the Client credentials. To add a new client secret, select Add certificate or secret > New client secret. If you are using an already registered application, then select your application, go to Certificates & secrets > Client secrets, and select New client secret.
- Provide a description for the new client secret.
- Choose an expiration period for the secret or specify a custom lifetime. The client secret lifetime is limited to a maximum of two years (24 months). You cannot set a custom lifetime longer than 24 months.
- Click Add to save the new client secret.
- Record the secret value for use in your client application code. This secret value will not be displayed again after you leave this page.
- Add permissions to access the Mail and User APIs:
- Go to API permissions > Add a permission > Microsoft APIs, select Microsoft Graph, and then choose Application permissions.
- Under Select Permissions, search for User, and select User.Read, User.Read.All, User.ReadWrite.All.
- Select API permissions > Add a permission > Microsoft APIs. Select Microsoft Graph, and then Application permissions.
- Under Select Permissions, search for Audit, and select AuditLog.Read.All.
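Application permissions that are in effect for the registration appear in the `roles` claim of an access token issued to the app through the client credentials flow. The following added example (not part of the original page or the vendor's tooling) decodes such a token and reports permissions that are missing or that this page does not list; the sample token, placeholder client ID and function names are constructed for illustration.

```python
import base64
import json

# Application permissions this page tells you to add to the app registration.
PAGE_PERMISSIONS = {"User.Read", "User.Read.All", "User.ReadWrite.All", "AuditLog.Read.All"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, client_id: str, required=PAGE_PERMISSIONS) -> dict:
    """Compare the token's app identity and `roles` claim with the registration."""
    claims = decode_claims(token)
    # The claim is absent when no application permission is in effect.
    roles = set(claims.get("roles", []))
    return {
        "client_id_matches": claims.get("appid", claims.get("azp")) == client_id,
        "missing": sorted(set(required) - roles),
        "unexpected": sorted(roles - set(required)),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"


# Constructed sample: the AuditLog step was skipped and Mail.Read was added by mistake.
SAMPLE_CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real app
SAMPLE_TOKEN = make_sample_token({
    "appid": SAMPLE_CLIENT_ID,
    "roles": ["User.Read", "User.Read.All", "User.ReadWrite.All", "Mail.Read"],
})

if __name__ == "__main__":
    print(json.dumps(audit_token(SAMPLE_TOKEN, SAMPLE_CLIENT_ID), indent=2))
```

An empty `missing` list and an empty `unexpected` list mean the token carries exactly the permissions listed in the steps above.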
Configuration of AD Ingestion Connector.
- Under the connector, go to Ingestion.
- Select AD Response Connector. Click on Configure.
- Enter the Client Domain (e.g., quickheal.com), Client Id, and Client Secret.
- Select Validate and Save.