# Microsoft Azure AD

The NetSPI Platform has a broad integration with the Microsoft Azure AD.

Similar to our other integrations, the Microsoft Azure AD integration is read-only and does not perform actions to configure systems or otherwise change anything about your Microsoft Azure AD system.

# Supported asset types

Thr Microsoft Azure AD integration provides the NetSPI Platform visibility into the following asset types:

• Systems
• Users

# Data run frequency

The Microsoft Azure AD integration pulls data every six hours.

# Endpoints used

This integration needs access to the following API endpoints:

• https://graph.microsoft.com/v1.0/devices
• https://graph.microsoft.com/v1.0/devices/{system['id']}/registeredUsers

# Required permissions

This integration needs the following permissions:

• Device.Read.All
• Directory.Read.All

# Configuration steps

Use the section below for configuring Microsoft Azure AD to integrate with the NetSPI Platform.

# Step one: Microsoft AD configuration

1. Sign in to the Microsoft Entra ID portal (https://portal.azure.com/), and select View for the Manage Microsoft Entra ID option.

   

2. Select App registrations in the left pane.

   

3. Select New registration along the top row of tabs.

   

4. Provide a descriptive name for the registration in the Name field and select the Register button at the bottom to save

   

5. Locate your app registration on the the All Applications tab and select it to display the Preview Features information.

   

   

   Copy the values for Application (client) ID and Directory (tenant) ID as they will be needed when configuring the integration in the NetSPI Platform.

6. Select Certificates & secrets in the left pane, select the Client secrets tab, and select New client secret to display the Add a client secret dialog box..

   

7. Select an appropriate expiration period for the client secret and then select the Add button.

8. Once the client secret has been created, select the Copy icon to the right of the Value field and record the value as it will be needed when configuring the integration in the NetSPI Platform.

   

9. Select API Permissions in the left navigation to display the API permissions page.

   

10. Select Add a permission and add permissions for the following:

• Device.Read.All

• Directory.Read.All

When you are finished, the API permissions should appear similar to the example below:

11. Select the Grant admin consent for button, and then select Yes.

# Step two: NetSPI Platform CAASM configuration

Use the steps below to configure the Microsoft Azure AD integration in the NetSPI Platform.

1. Log into the NetSPI Platform as a Client Admin user.

2. Navigate to Settings -> CAASM Integrations to display the Integrations page.

   

3. Select the Integration Library tab -> Integration Categories / Identity and Access Management (IAM) -> Microsoft Azure AD Integration.

   

   This brings the Microsoft Azure AD integration card into focus.

   Note

   You can also locate the integration card by:

   • Scrolling down the page on the Integration Library tab
   • Filter the integration options displayed by selecting any of the other left navigation choices besidesIntegration Categories, e.g., by Modules or Integration Scopes (cloud or on premise)
   • Enter the integration name in the Search integration bar

4. Select the Add button on the Microsoft Azure AD Integration card to display the Microsoft Azure AD integration configuration page.

   

5. Select and enter values for the following fields.

   1. Select the integration type from the Integration drop-down list. In this case, Microsoft Azure AD Integration, which is already selected by default.

   2. Select the integration scope from the Integration Scope drop-down list. The Microsoft Azure AD integration can only run on a cloud scope, which was configured by NetSPI, and Cloud displays as the default value.

   3. Enter an integration name and description in the Integration Name and Description fields.

   4. Select the Enabled slider button to display as either on (blue) or off (light gray).

   5. Enter or copy/paste the Microsoft Azure AD tenant ID, client ID, and OAuth2 secret in the Microsoft Azure AD Parameters field group, for the domain that you configured in the Microsoft Azure AD System configuration step above.

6. Select Create to create the integration. The new integration now displays on the Applied Integrations tab with its statuses: current and last run, last run time, and status (enabled/disabled).