Microsoft Entra
- 08 Nov 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
Microsoft Entra
- Updated on 08 Nov 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Microsoft Entra is a comprehensive suite of identity and access management solutions from Microsoft, designed to secure and manage access to resources in hybrid and multi-cloud environments. Entra focuses on establishing strong identity protection, managing permissions, and securing access to apps, data, and resources across the organization.
Integration Method: API
Tables: Entity Management, Group Management, Account Change, User Inventory
Entra Configuration
The data collected in your Microsoft Entra logs enables you to assess many aspects of your Microsoft Entra tenant. It provides many ways to fetch logs as mentioned here. We have setup Microsoft graph API to fetch activity logs
Create a new App registration. Navigate to App registrations and click on New Registration
Create credentials for the new application
Copy the client key and secret id. This will be used in the DataBee configuration
Set up the permissions for the application. The required permissions are listed below
API/Permission Name | Type |
Application.Read.All | Application |
AttackSimulation.Read.All | Delegated |
AttackSimulation.Read.All | Application |
AuditLog.Read.All | Delegated |
AuditLog.Read.All | Application |
AuthenticationContext.Read.All | Delegated |
CustomAuthenticationExtension.Read.All | Delegated |
Device.Command | Delegated |
Device.Read | Delegated |
Device.Read.All | Delegated |
Device.Read.All | Application |
DeviceManagementManagedDevices.Read.All | Application |
DeviceManagementManagedDevices.ReadWrite.All | Application |
eDiscovery.Read.All | Delegated |
eDiscovery.Read.All | Application |
eDiscovery.ReadWrite.All | Delegated |
eDiscovery.ReadWrite.All | Application |
Reports.Read.All | Delegated |
Reports.Read.All | Application |
SecurityAlert.Read.All | Delegated |
SecurityAlert.Read.All | Application |
SecurityAlert.ReadWrite.All | Delegated |
SecurityEvents.Read.All | Application |
SecurityIncident.Read.All | Application |
ThreatHunting.Read.All | Application |
ThreatIndicators.Read.All | Delegated |
ThreatIndicators.Read.All | Application |
ThreatIntelligence.Read.All | Application |
User.Read | Delegated |
User.Read.All | Delegated |
User.Read.All | Application |
UserAuthenticationMethod.Read.All | Delegated |
UserAuthenticationMethod.Read.All | Application |
Note: Permissions can be added or removed based on specific use cases. Your Azure administrator will configure the necessary permissions. Additional permissions are available in the official Microsoft documentation.
DataBee Configuration
Login to the DataBee console and navigate to the Data > Data Sources tab
Click on Add New Source
Search for Microsoft Entra and select it
Select API Ingest
Enter basic contact information in the dialog box and click Next
In the detailed configuration boxes, ensure the following fields are filled
Authorization Method: OAuth2
Client Key: Paste the client key generated in the Microsoft console
Secret Key: Paste the client secret generated in the Microsoft console
API URL: https://graph.microsoft.com/v1.0/auditLogs/directoryAudits
Token URL: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
Replace the <tenant_id> placeholder with your tenant information
Was this article helpful?