Azure AD Connector



Azure AD Connector Setup Guide

1. Register an Application in Microsoft Entra Admin Center

  1. Sign in to the Microsoft Entra Admin Center.

  2. Navigate to Identity > Applications > App registrations.

  3. Click New registration.

  4. In the Register an application form:

    • Name: Enter a descriptive display name for the application. This name will appear to users during sign-in.
    • Supported account types: Select
      Accounts in this organizational directory only (<Tenant Name/Domain> – Single tenant).
    • Leave Redirect URI (optional) blank.
  5. Click Register to complete the app registration.

After registration, you will be redirected to the app’s Overview page, where the Application (client) ID will be displayed. This client ID uniquely identifies your app.


2. Create a Client Secret

  1. In your registered application, go to Certificates & secrets.
  2. Under Client secrets, click + New client secret.
  3. Enter a description for the secret (e.g., AzureADConnectorSecret).
  4. Choose an expiration period or define a custom duration (maximum of 24 months).
  5. Click Add.

⚠️ Important: Copy and save the secret value immediately. It will not be shown again once you leave the page.


3. Grant Required API Permissions

To allow the application to access user and audit data, follow these steps:

  1. Go to API permissions > + Add a permission.

  2. Choose Microsoft Graph > Application permissions.

  3. Search for and add the following permissions:

    • User Permissions:

      • User.Read
      • User.Read.All
      • User.ReadWrite.All
    • Audit Permissions:

      • AuditLog.Read.All
  4. After adding all permissions, click Grant admin consent to authorize them.


4. Define Anomaly Detection Parameters

Configure thresholds to monitor and detect anomalies in login behavior:

  • Rolling Window Login Anomaly (Days)
    Number of days of login history used to compute each user's mean login time.
    Example: 5

  • Threshold Login Anomaly (Hours)
    Allowed deviation in hours from the mean login time.
    Example: If the threshold is 2 and the mean login time is 9:00 AM, then a login at 12:00 PM will be flagged as an anomaly.

  • Rolling Window Location Anomaly (Locations)
    Number of most recent sign-in locations compared against a new sign-in to detect location-based anomalies.
    Example: 3 (the last 3 locations are considered)

  • Login Failure Threshold and Interval
    Set a time-based failure alert rule.
    Example: If the interval is 5 minutes and the threshold is 3, then 3 failed login attempts within 5 minutes will trigger an alert.
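As an added illustration (not part of the connector or its code), here is how these four parameters combine into detection rules in Python, run over a constructed set of sign-in events; the user name, timestamps and locations are made up, and the events are assumed to be in chronological order.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample sign-in events for one user (not real tenant data), oldest first.
# Each tuple: (user, UTC timestamp, succeeded?, sign-in location)
EVENTS = [
    ("alice", datetime(2024, 3, 4, 9, 0), True, "Pune"),
    ("alice", datetime(2024, 3, 5, 8, 45), True, "Pune"),
    ("alice", datetime(2024, 3, 6, 9, 15), True, "Mumbai"),
    ("alice", datetime(2024, 3, 7, 9, 0), True, "Pune"),
    ("alice", datetime(2024, 3, 8, 10, 3), False, "Berlin"),
    ("alice", datetime(2024, 3, 8, 10, 4), False, "Berlin"),
    ("alice", datetime(2024, 3, 8, 10, 6), False, "Berlin"),
]

def hour_of_day(ts):
    """Fractional hour of day, e.g. 08:45 -> 8.75."""
    return ts.hour + ts.minute / 60

def login_time_anomaly(events, user, login_ts, window_days, threshold_hours):
    """Rolling Window + Threshold Login Anomaly: flag login_ts when it deviates
    from the user's mean successful login hour (over the last window_days days)
    by more than threshold_hours. The plain arithmetic mean assumes a daytime
    pattern; it does not handle logins that wrap around midnight."""
    start = login_ts - timedelta(days=window_days)
    hours = [hour_of_day(ts) for u, ts, ok, _ in events
             if u == user and ok and start <= ts < login_ts]
    if not hours:  # no baseline yet, so nothing to compare against
        return False
    return abs(hour_of_day(login_ts) - mean(hours)) > threshold_hours

def location_anomaly(events, user, location, login_ts, window_locations):
    """Rolling Window Location Anomaly: flag a sign-in from a location that is
    absent from the user's last window_locations successful sign-in locations."""
    recent = [loc for u, ts, ok, loc in events
              if u == user and ok and ts < login_ts][-window_locations:]
    return bool(recent) and location not in recent

def failure_burst(events, user, at, interval_minutes, threshold):
    """Login Failure Threshold and Interval: True when at least `threshold`
    failed sign-ins fall inside the interval_minutes window ending at `at`."""
    start = at - timedelta(minutes=interval_minutes)
    fails = sum(1 for u, ts, ok, _ in events
                if u == user and not ok and start <= ts <= at)
    return fails >= threshold
```

With the example values from the list above (window 5 days, threshold 2 hours, 3 locations, 3 failures in 5 minutes), a 12:00 PM sign-in from Berlin on 9 March is flagged by both the time and the location rule, and the three failures on 8 March trigger the failure alert.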


5. Configure the Azure AD Connector

  1. Go to the Ingestion section of your connector platform.

  2. Select the Azure AD Connector and click Configure.

  3. Enter the following configuration details:

    • Client Domain (e.g., quickheal.com)
    • Client ID
    • Client Secret
    • Time Interval (in minutes)
    • Threshold Login Anomaly (in hours)
    • Rolling Window Login Anomaly (in days)
    • Rolling Window Location Anomaly (number of locations)
    • Failure Attempt Threshold (number of attempts)
  4. Click Validate and Save to finalize the configuration.
