Configuring Microsoft Entra ID as a Provider

You can integrate Identity Risk with Microsoft Entra ID (previously Azure AD) to view:

  • Detailed user information, including the user's name, email address, and additional role data.
  • Access logs that provide information on which resources were accessed.
  • Access outcomes, including whether access was allowed or denied and the reasoning behind those decisions.

Prerequisites

To get started, you'll need the following:

Microsoft Entra

  • A user with the appropriate administrator privilege
  • A Microsoft Entra ID license level of Microsoft Entra ID P1 or Microsoft Entra ID P2
  • The Tenant ID for your organization
  • An App Registration Client ID and Client Secret
  • API permissions
  • The appropriate App Registration permissions assigned

The Microsoft Entra ID provider configuration requires a minimum of one application registration and optionally supports a second application registration to distribute load for enhanced scale and greater protection against API rate-limiting.

Note

Provider configuration with two application registrations is recommended for environments with more than 5,000 users.

Configuring a Microsoft Entra ID Provider

  1. Select the Settings icon in Identity Risk.
  2. From the left panel, select Providers.
  3. Select Entra ID.
  4. Enter a unique name for your provider.

    You'll now access the Microsoft Azure Portal to gather data that you'll enter into the required fields. Leave the Configure Providers page open as you'll return here to complete the configuration.

  5. In the Microsoft Azure Portal, select Overview.

  6. Verify the active license displays Microsoft Entra ID P1 or Microsoft Entra ID P2. For more information, refer to Feature comparison based on licenses.
  7. Locate the Tenant ID and copy the value.
  8. In Identity Risk, paste the Tenant ID value into the Entra ID Tenant ID field.
  9. In the Microsoft Azure Portal, select Applications > App registration.
  10. Select New registration.
  11. In Register an application, enter a name for your new registration.
  12. Under Supported account types, select Accounts in this organization directory only.
  13. Select Register.
  14. In the registered application, locate the Application (client) ID and copy the value.
  15. In Identity Risk, paste the Application (client) ID value into the Entra ID Client ID field.
  16. In the Microsoft Azure Portal, select Certificates & secrets.
  17. In Client secrets, select the + New client secrets tab.
  18. In Add a client secret, enter a description and expiration time and then select Add.
  19. In the Client secrets column, copy the Value of the client secret added.
  20. In Identity Risk, paste the Value into the Entra ID Client Secret field. The secret's Value is only shown immediately after creation, so copy it before leaving the page.

    Note

    To add an additional application registration, refer to Additional App Registration Configuration.

  21. Select an Entra ID cloud instance. In addition to the global cloud, Microsoft also offers national cloud instances to meet the needs of national government entities.

    Select the appropriate cloud instance for your environment.

  22. To enable access to Microsoft Graph, apply API permissions. Refer to Application Permissions.

  23. Select Create. The Entra ID provider is created, and you are directed to a success screen. You may return to the Configure Providers page to view the status of the provider.

    When the provider is successfully created, data is ingested, processed, and correlated within Identity Risk. Data can then be viewed and explored through the Identity Map and Insights.

Application Permissions

To enable access to Microsoft Graph, apply the following permissions:

API              Application Permissions
Microsoft Graph  AuditLog.Read.All
                 Directory.Read.All
                 Application.Read.All
                 Policy.Read.All
                 User.Read.All

Note

Application permissions are the same for one and two application registrations.

To apply permissions:

  1. In Microsoft Azure Portal, select API Permissions.
  2. Select + Add a Permission.
  3. In Request API permissions, select Microsoft Graph.
  4. In Microsoft Graph, select Application permissions.
  5. Search for and add each of the required permissions, then select Add permissions to add all required permissions. Permissions differ between a one- and a two-app-registration setup for all provider capabilities.
  6. Verify that the required permissions have been added.
  7. Select Grant admin consent for [your organization] to grant admin consent to the permissions configured for the application.

    Note

    Only administrators can perform this step.

  8. Select Yes to confirm the consent. Once successfully authorized, the Admin consent required column for the permissions will confirm the consent.

  9. In Identity Risk, complete the creation of the provider.

Additional App Registration Configuration

  1. In the Microsoft Azure Portal, select Applications > App registration.
  2. Select New registration.
  3. In Register an application, enter a name for your new registration.
  4. Under Supported account types, select Accounts in this organization directory only.
  5. Select Register.
  6. In the registered application, locate the Application (client) ID and copy the value.
  7. In Identity Risk, paste the Application (client) ID value into the Entra ID Client ID for MetaData (Optional) field.
  8. In Microsoft Azure Portal, select Certificates & secrets.
  9. In Client secrets, select the + New client secrets tab.
  10. In Add a client secret, enter a description and expiration time and select Add.
  11. In the Client secrets column, copy the Value of the client secret added.
  12. In Identity Risk, paste the Value into the Entra ID Client Secret for MetaData field.
  13. Select an Entra ID cloud instance. In addition to the global cloud, Microsoft also offers national cloud instances to meet the needs of national government entities.

    Select the appropriate cloud instance for your environment.

  14. To enable access to Microsoft Graph API, apply API permissions. Refer to Application Permissions.

  15. In Identity Risk select Create. The Entra ID provider is created and you are directed to a success screen, after which you may return to Providers to view the status of your newly created provider.

    When the provider is successfully created, data is ingested, processed, and correlated within Identity Risk. Data can then be viewed and explored through the Identity Map and Insights.

Editing Providers

Provider configuration can be edited to allow for updates to the client secret when it is due to expire. Client secret expiration should be tracked and updated before the expiration date to avoid provider failure.

  1. In Identity Risk, select the Settings icon.
  2. From the left panel, select Providers.
  3. Select Entra ID.
  4. In Enabled Integrations, select Show Details next to Entra ID.
  5. Select Edit to update the configurations for the provider.

  6. Update the Entra ID Client Secret field.

  7. If you have configured an additional app registration, update the Entra ID Client Secret for MetaData (Optional) field.
  8. Select Save. The Entra ID provider will establish a connection using the updated client secret and continue to process data.
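As an added example (not code from Identity Risk or from Microsoft), the check below covers two points from this page: that admin consent on the app registration grants exactly the five Microsoft Graph application permissions listed under Application Permissions (nothing missing, nothing extra), and that client secrets are tracked before they expire, as the Editing Providers section requires. All Graph objects and role ids are constructed sample data with placeholder ids; in a real tenant the role id-to-name map comes from the Microsoft Graph service principal's appRoles, the granted roles from the app's service principal appRoleAssignments, and the secrets from the application's passwordCredentials.

```python
"""Offline audit of an Entra ID app registration for the Identity Risk provider.
Sample objects below are constructed; ids are placeholders, not real role ids."""
from datetime import datetime, timezone

# The five application permissions this page requires on Microsoft Graph.
REQUIRED_GRAPH_ROLES = {"AuditLog.Read.All", "Directory.Read.All",
                        "Application.Read.All", "Policy.Read.All", "User.Read.All"}


def audit_permissions(graph_app_roles, assignments):
    """Resolve granted appRoleIds to names via the Graph SP's appRoles and
    compare with the required set; extras are flagged for least privilege."""
    id_to_name = {r["id"]: r["value"] for r in graph_app_roles}
    # Unknown ids are kept as-is so they still show up as unexpected grants.
    granted = {id_to_name.get(a["appRoleId"], a["appRoleId"]) for a in assignments}
    return {"missing": sorted(REQUIRED_GRAPH_ROLES - granted),
            "extra": sorted(granted - REQUIRED_GRAPH_ROLES)}


def expiring_secrets(password_credentials, now, warn_days=30):
    """Return (displayName, days_left) for secrets expiring within warn_days,
    soonest first; a negative days_left means the secret has already expired."""
    out = []
    for cred in password_credentials:
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        if days_left <= warn_days:
            out.append((cred["displayName"], days_left))
    return sorted(out, key=lambda item: item[1])


# Constructed sample data (placeholder ids, not Microsoft's real role GUIDs).
SAMPLE_GRAPH_APP_ROLES = [
    {"id": f"role-{i}", "value": name} for i, name in enumerate(
        ["AuditLog.Read.All", "Directory.Read.All", "Application.Read.All",
         "Policy.Read.All", "User.Read.All", "Mail.ReadWrite"], start=1)]
# Consent was granted for four of the five required roles plus one that is not needed.
SAMPLE_ASSIGNMENTS = [{"appRoleId": f"role-{i}"} for i in (1, 2, 3, 5, 6)]
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"displayName": "identity-risk-primary", "endDateTime": "2024-06-15T00:00:00Z"},
    {"displayName": "identity-risk-metadata", "endDateTime": "2025-06-01T00:00:00Z"},
    {"displayName": "old-rotated-out", "endDateTime": "2024-05-01T00:00:00Z"},
]

if __name__ == "__main__":
    print(audit_permissions(SAMPLE_GRAPH_APP_ROLES, SAMPLE_ASSIGNMENTS))
    print(expiring_secrets(SAMPLE_SECRETS, SAMPLE_NOW))
```

Run it against the sample data and it reports Policy.Read.All as missing, Mail.ReadWrite as an unneeded grant, one secret already expired and the primary secret 14 days from expiry.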

Deleting Providers

  1. In Microsoft Azure Portal, delete the client secret associated with the app registration. Once the client secret has been revoked in Entra ID, it will no longer be accessible to Identity Risk.
  2. In Identity Risk, select the Settings icon.
  3. From the left panel, select Providers.
  4. In the list of Enabled Integrations, select Show Details next to Entra ID.
  5. Select Delete and then confirm the deletion. The provider is deleted, and data will no longer be ingested.

    Note

    Ingested historical data will still be available.