Azure
This CLI integration is the basis for the Microsoft Defender and Microsoft InTune integrations. Follow these instructions to set up the Azure integration, then follow the instructions for Defender, Cloud Defender, and/or InTune to configure the integration you will use.
Azure Configuration
Set up a new application in Azure Entra ID to be used for API access to Defender and/or InTune. The following steps are general. See the Microsoft documentation for specific steps:
- Sign in to Azure as a user with the Global Administrator role.
- Navigate to Microsoft Entra ID > App registrations > New registration.
- In the form, choose a name for your application, then select Register.
- On your application page, select API Permissions > Add permission > APIs my organization uses >
- Grant the "Security Reader" role to the new application.
- Select Application permissions. Choose the relevant permissions for your scenario. (e.g. Incident.Read.All, Investigation.Read). Click "Add permissions".
  - For Defender:
    - WindowsDefenderATP
      - Alert.Read.All
      - Alert.ReadWrite.All
      - SecurityRecommendations.Read.All
      - Vulnerability.Read.All
  - For InTune:
    - Microsoft Graph
      - DeviceManagementConfiguration.Read.All
      - DeviceManagementConfiguration.ReadWrite.All
      - DeviceManagementManagedDevices.Read.All
      - Device.Read.All
      - Users.Read
- Select Grant admin consent. Every time you add a permission, you must select Grant admin consent for it to take effect.
- Select Certificates & secrets, select New client secret, add a description to the secret, and then select Add.
- Record your application ID, your tenant ID, and Client Secret key. They're listed under Overview on your application page. Use these in the following RegScale Configuration.
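To confirm that admin consent took effect for the Defender permissions listed above, this added example (not RegScale or Microsoft code) requests an app-only token with the recorded application ID, tenant ID and client secret, then compares the token's `roles` claim with this page's list. It covers the Defender case only; the token scope URL and all function names are assumptions, and the sample token is constructed for offline use.

```python
import base64
import json
import urllib.parse
import urllib.request

# Defender application permissions, copied from the list on this page.
EXPECTED = {"Alert.Read.All", "Alert.ReadWrite.All",
            "SecurityRecommendations.Read.All", "Vulnerability.Read.All"}
# Assumed scope for the WindowsDefenderATP API (not stated on this page).
SCOPE = "https://api.securitycenter.microsoft.com/.default"


def fetch_token(tenant_id, client_id, secret):
    """Client-credentials request to the Entra ID v2.0 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": secret, "scope": SCOPE}).encode()
    with urllib.request.urlopen(url, data=form, timeout=30) as resp:
        return json.load(resp)["access_token"]


def granted_roles(token):
    """Read the 'roles' claim from a JWT payload (diagnostic: no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)      # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))       # no claim: nothing was consented


def audit(token):
    """Return (missing, unexpected) permissions relative to EXPECTED."""
    roles = granted_roles(token)
    return sorted(EXPECTED - roles), sorted(roles - EXPECTED)


def make_sample_token(roles):
    """Constructed, unsigned JWT-shaped string so the check runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles})}.sig"


if __name__ == "__main__":
    sample = make_sample_token(["Alert.Read.All", "Machine.Isolate"])
    print(audit(sample))   # replace sample with fetch_token(...) for a live check
```

A non-empty "missing" list means consent has not been granted for those permissions; a non-empty "unexpected" list means the application holds more than this page calls for.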
init.yaml Configuration
There are multiple pieces of information needed to configure the Azure integrations via the CLI:
azure365ClientId
- Azure access key - Application ID from above
azure365Secret
- Azure secret key - Client Secret Key from above
azure365TenantId
- Azure tenant key - Tenant ID from above
azureCloudClientId
- Azure access key - Application ID from above
azureCloudSecret
- Azure secret key - Client Secret Key from above
azureCloudSubscriptionId
- Azure subscription ID
azureCloudTenantId
- Azure tenant key - Tenant ID from above