# Azure Active Directory Integration

The CyberCyte portal provides Azure Active Directory integration for more comprehensive visibility. We recommend it for discovering domain machines that have no agent installed, for finding accounts with unchanged passwords and locked accounts, and for analysis of the domain infrastructure.

## 1. Create MS Azure App

Please log in to the MS Azure Portal and navigate to <https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade>

Register a new application as a single-tenant app with the "+ New registration" button. Leave the Redirect URI blank; the integration authenticates as the application itself and needs no endpoint.

<figure><img src="/files/uMNJDRA87vSJJ7UHY0ID" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/LEkOkeUUMYvlmwmD6LZ5" alt=""><figcaption></figcaption></figure>

## 2. Get The Client ID, Tenant ID & Client Secret

After the registration, please navigate to "Manage" -> "Certificates & Secrets" and add a new client secret. Copy the secret value immediately: it is shown only once, directly after creation. Treat it as a password, choose the shortest expiry your rotation process can support, and note the expiry date so the credential in the portal can be rotated before it stops working.

<figure><img src="/files/WoCKQqXWh3nXAwwqxk9s" alt=""><figcaption></figcaption></figure>

From the "Overview" menu, please copy the "Application (client) ID" and "Directory (tenant) ID".

Go back to the "Manage" menu and navigate to "API permissions". Click "Add a permission" and select "Microsoft Graph".

<figure><img src="/files/Z31md20MYXCBA1cDdnMD" alt=""><figcaption></figcaption></figure>

Select "Application permissions" (use "Delegated permissions" for the entries marked Delegated in the list below).

<figure><img src="/files/tjLLW8ohrvXxMbK622Wp" alt=""><figcaption></figcaption></figure>

Add the permissions listed below. The Type column shows whether each entry is added under "Application permissions" or "Delegated permissions". Only the Application-type permissions are exercised when the portal authenticates with the client secret (app-only sign-in); the Delegated entries apply only when a user signs in interactively.

Microsoft Graph:

| Permission | Type | Description |
| --- | --- | --- |
| AdministrativeUnit.Read.All | Application | Read all administrative units |
| Contacts.Read | Delegated | Read user contacts |
| Contacts.Read | Application | Read contacts in all mailboxes |
| Contacts.Read.Shared | Delegated | Read user and shared contacts |
| Directory.Read.All | Delegated | Read directory data |
| Directory.Read.All | Application | Read directory data |
| email | Delegated | View users' email address |
| Group.Read.All | Delegated | Read all groups |
| Group.Read.All | Application | Read all groups |
| GroupMember.Read.All | Delegated | Read group memberships |
| GroupMember.Read.All | Application | Read all group memberships |
| User.Read | Delegated | Sign in and read user profile |
| User.Read.All | Delegated | Read all users' full profiles |
| User.Read.All | Application | Read all users' full profiles |
| User.ReadBasic.All | Delegated | Read all users' basic profiles |

Office 365 Exchange Online:

| Permission | Type | Description |
| --- | --- | --- |
| Contacts.Read | Delegated | Read user contacts |
| Contacts.Read.All | Delegated | Read user and shared contacts |
| Contacts.Read.Shared | Delegated | Read user and shared contacts |
| Group.Read.All | Delegated | Read all groups (preview) |
| People.Read | Delegated | Read users' relevant people lists (preview) |
| User.Read | Delegated | Read user profiles |
| User.Read.All | Delegated | Read all users' full profiles |
| User.ReadBasic.All | Delegated | Read all users' basic profiles |

Grant admin consent after adding the permissions. Application permissions have no effect until an administrator has consented for the whole tenant, so the "Status" column on the API permissions page should show "Granted for <tenant>" for every row before you continue.

<figure><img src="/files/Msln6PNE4ixOkxGm60hE" alt=""><figcaption></figcaption></figure>
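Steps 1 and 2 can also be performed from a script, which makes the registration repeatable and lets the requested permissions be reviewed before they are applied. The following is an added example that uses the Microsoft Graph PowerShell SDK; it is not CyberCyte's own tooling. The display name, the six-month secret lifetime and the choice to request only the Application-type Microsoft Graph permissions from the table are assumptions. Run it as a user who can create application registrations and grant tenant-wide admin consent.

```powershell
# Added example (not CyberCyte code): register a single-tenant app, request the
# Application-type Microsoft Graph permissions from the table above, grant admin
# consent and create a client secret. Requires the Microsoft.Graph PowerShell SDK.
# Assumptions: display name, 6-month secret lifetime, Application permissions only.
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "Directory.Read.All"

# Microsoft Graph's service principal in this tenant (well-known Graph appId).
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

$wanted = @(
    'AdministrativeUnit.Read.All', 'Contacts.Read', 'Directory.Read.All',
    'Group.Read.All', 'GroupMember.Read.All', 'User.Read.All'
)

# Resolve permission names to app-role ids from the tenant rather than hard-coding GUIDs,
# and keep only the roles that can be granted to an application.
$roles = @($graphSp.AppRoles | Where-Object {
    $_.Value -in $wanted -and $_.AllowedMemberTypes -contains 'Application'
})
if ($roles.Count -ne $wanted.Count) {
    $unresolved = $wanted | Where-Object { $_ -notin $roles.Value }
    throw "Could not resolve all permissions: $($unresolved -join ', ')"
}

# Single-tenant registration with no redirect URI (the integration is app-only).
$requiredAccess = @{
    ResourceAppId  = $graphSp.AppId
    ResourceAccess = @($roles | ForEach-Object { @{ Id = $_.Id; Type = 'Role' } })
}
$app = New-MgApplication -DisplayName 'CyberCyte Azure AD Integration' `
    -SignInAudience 'AzureADMyOrg' -RequiredResourceAccess @($requiredAccess)

# The service principal (enterprise application) is what actually receives the grants.
$sp = New-MgServicePrincipal -AppId $app.AppId

# Programmatic equivalent of "Grant admin consent" for Application permissions:
# assign each Graph app role to the new service principal.
foreach ($role in $roles) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id `
        -PrincipalId $sp.Id -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
}

# Client secret: the value is returned only here and never shown again.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = 'CyberCyte portal'
    EndDateTime = (Get-Date).AddMonths(6)
}

# Everything step 3 needs, in one object. Store the secret in the portal credential
# and then discard it; do not leave it in the console history or a transcript.
[pscustomobject]@{
    TenantId     = (Get-MgContext).TenantId
    ClientId     = $app.AppId
    ClientSecret = $secret.SecretText
    SecretExpiry = $secret.EndDateTime
}
```

If the app-role assignments fail with a "not found" error immediately after `New-MgServicePrincipal`, the new service principal has not replicated yet; waiting a few seconds and re-running the `foreach` loop is enough.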

## 3. Create Remote Credential in Portal

Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Credential Settings". Click on the "+ Credential" button to create a new credential and select "Microsoft Graph API Credential" as the "Credential Type". Enter the Tenant ID, Application (client) ID and client secret collected in step 2.
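Before saving the credential in the portal it is worth confirming that the tenant ID, client ID and secret actually yield an app-only token that carries the consented permissions, since a missing admin consent only shows up later as empty analysis results. The following is an added example, not part of the CyberCyte product: it performs the client-credentials grant the portal relies on, inspects the token's `roles` claim against the Application-type permissions from the table, and makes one read against Microsoft Graph. The function name and the set of required roles are assumptions.

```powershell
# Added example (not CyberCyte code): verify a Graph API credential before entering it
# in the portal. Assumptions: the function names and the list of required roles.

function Get-JwtPayload {
    # Decode a JWT payload WITHOUT verifying the signature. This is acceptable for
    # inspecting a token you just received from the token endpoint over TLS; never
    # use it to decide whether to trust a token presented by someone else.
    param([Parameter(Mandatory)][string]$Token)
    $segment = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    $segment += '=' * ((4 - $segment.Length % 4) % 4)     # restore base64 padding
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($segment)) | ConvertFrom-Json
}

function Test-GraphAppCredential {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret,
        # Application-type Graph permissions from the table in step 2.
        [string[]]$RequiredRoles = @(
            'AdministrativeUnit.Read.All', 'Contacts.Read', 'Directory.Read.All',
            'Group.Read.All', 'GroupMember.Read.All', 'User.Read.All'
        )
    )

    # Client-credentials grant: the same app-only sign-in the portal performs.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    $tokenResponse = Invoke-RestMethod -Method Post -Body $body `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"

    # App-only tokens list consented Application permissions in the 'roles' claim.
    # No 'roles' claim at all means admin consent was never granted.
    $claims  = Get-JwtPayload -Token $tokenResponse.access_token
    $granted = @($claims.roles | Where-Object { $_ })
    $missing = @($RequiredRoles | Where-Object { $_ -notin $granted })

    # A single read proves the token is accepted by Graph, not just issued.
    # Single quotes keep PowerShell from expanding '$top'.
    $probe = Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/users?$top=1' `
        -Headers @{ Authorization = "Bearer $($tokenResponse.access_token)" }

    [pscustomobject]@{
        TenantId      = $claims.tid
        ClientId      = $claims.appid
        GrantedRoles  = $granted
        MissingRoles  = $missing
        UsersReadable = ($null -ne $probe.value)
        Ok            = ($missing.Count -eq 0 -and $null -ne $probe.value)
    }
}

# Usage (values are placeholders, pass your own):
# Test-GraphAppCredential -TenantId '<tenant id>' -ClientId '<client id>' -ClientSecret '<secret>'
```

If `MissingRoles` is non-empty, go back to "API permissions" and grant admin consent for the listed entries; if the token request itself fails with `invalid_client`, the secret is wrong or has expired.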

## 4. Create a Repository on the Portal

Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Repository Management". Click on the "+Repository" button to create a new Azure AD (Active Directory) repository, select "Azure AD" as the Type, and select the credential created in step 3 as the "Remote Credential". Then fill in the remaining fields.

## 5. Create a Policy in the Portal

Please navigate to "Rules & Policies" -> "Policy Management" and click on the "+ Policy" button. Select the module named "Scenario and Network Discovery" and the type named "Active Directory Analysis". After the selection, the required fields will appear; fill them in with the required values. The images below show the default values.

The policy can be assigned to one or more groups, and the collection interval can be adjusted to your requirements.

Custom tags can be added by typing the tag and pressing Enter; the policy accepts them automatically.

## 6. Reviewing the Results

Please navigate to "Dashboards" -> "Asset & Identity" -> "Domain Overview" and "Asset Overview". These two dashboards provide a comprehensive view of the Active Directory and domain information collected by the policy.

After the integration has run, validate the collected data and, where necessary, define white-lists or rules. CyberCyte ships with predefined rules, and additional analyses can be listed alongside them. Our primary recommendation is to cross-check the findings against the existing solutions in your infrastructure.

The findings are reachable from the dashboards; clicking on a data point opens the corresponding analysis table.

<figure><img src="/files/H9KQeZOysvlA979rghYS" alt=""><figcaption></figcaption></figure>

Right-clicking on any value opens a context menu from which lists can be managed under "List Management". Similarly, if a custom rule is needed, use "Rule Management" -> "Add value as a Classification Rule" to create one and trigger the notification mechanism. Rule management is explained at <https://docs.cloudcyte.com/getting-started/classification-rules>.

