HomeGuidesAPI ReferenceChangelogDiscussions
Log In

This CLI integration is the basis for the Microsoft Defender and Microsoft InTune integrations. Follow these instructions to set up the Azure integration and then follow the instructions for the Defender, Cloud Defender, and/or InTune to further configure which integration will be used.

Azure Configuration

Set up a new application in Azure Entra ID to be used for API access to Defender and/or InTune. The following steps are general. See Microsoft Documentationn for specific steps:

  • Sign in to Azure as a user with the Global Administrator role.
  • Navigate to Microsoft Entra ID > App registrations > New registration.
  • In the form, choose a name for your application, then select Register.
  • On your application page, select API Permissions > Add permission > APIs my organization uses >
  • Select Application permissions. Choose the relevant permissions for your scenario. (e.g. Incident.Read.All, Investigation.Read). Click "Add permissions".
    • For Defender:
      • WindowsDefenderATP
        • Alert.Read.All
        • Alert.ReadWrite.All
        • SecurityRecommendations.Read.All
        • Vulnerability.Read.All
    • For InTune:
      • Microsoft Graph
        • DeviceManagementConfiguration.Read.All
        • DeviceManagementConfiguration.ReadWrite.All
        • DeviceManagementManagedDevices.Read.All
        • Device.Read.All
        • Users.Read
  • Select Grant admin consent. Every time you add a permission, you must select Grant admin consent for it to take effect.
  • Select Certificates & secrets, select New client secret, add a description to the secret, and then select Add.
  • Record your application ID, your tenant ID, and Client Secret key. They're listed under Overview on your application page. Use these in the following RegScale Configuration.

init.yaml Configuration

There are multiple pieces of information needed to configure the Azure integrations via the CLI:

  • azure365ClientId - Azure access key - Application ID from above
  • azure365Secret - Azure secret key - Client Secret Key from above
  • azure365TenantId - Azure tenant key - Tenant ID from above
  • azureCloudClientId - Azure access key- Application Id from above
  • azureCloudSecret - Azure secret key - Client Secret Key from above
  • azureCloudSubscriptionId - Azure subscription ID
  • azureCloudTenantId - Azure tenant key - Tenant ID from above