Office 365 Azure Registration
Last updated
Was this helpful?
Last updated
Was this helpful?
The CyberCyte portal provide Office 365 integration for more comprehensive visibility. We recommend it for machines without an agent on the domain, accounts with unchanged passwords, locked accounts and analysis of the domain infrastructure.
Please log in to the MS Azure Portal and navigate to
Register a new applicaiton on a signle tennant with "+ New registration" button. Do not put any URL for endpoint.
After the registration, please navigate to "Manage" -> "Certificates & Secrets". Please add a new client secret and copy it.
From the "Overview" menu, please copy the "Application (client) ID" and "Directory (tenant) ID".
Go back to the "Manage" menu and navigate to "API permissions". Add a new permission and select the "Microsoft Graph Permission".
Select the "Applicaiton Permissions".
Select the "Group.Read.All", "User.Read.All" and "GroupMember.Read.All", "Device.Read.All" permissions.
Grand admin consent after adding the permissions.
Please navigate to "Settings & Reporting" -> "Credential Settings" -> "Remote Credentials" -> Click on "+ Credential" button. Select the "Microsft Graph API Credential". copy the "Application (client) ID", "Directory (tenant) ID" and "Client Secret" that created on Azure Portal.
Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Repository Management". Click on the "+Repository" button to create a new Azure AD(Active Directory) repository and select the "Azure AD" as Type, and please select the credential that we created in the first step as a "Remote Credential". After that please fill the rest of the blank fields.
Please navigate to "Home" -> "User Overview" -> "Domain Overview" and "Asset Overview". The "Domain Overview" and "Asset Overview" dashboards provides a great visibility on the active directory and domain information.
Domain Analysis Example Dashboard:
Asset Overview Example Dashboard:
Also, the results can be analyzed from under the "Threat Hunting" -> "Analysis & Investigation" -> "Assets".
After integration, the data obtained must be validated and, if necessary, white-listing or rule definitions must be made. There are already defined rules on CyberCyte, and listing can be done with additional analyses to these rules. Our primary recommendation is to double-check in parallel with the existing solutions in the user's infrastructure.
You can access the relevant findings via dashboards, and you can go to the relevant analysis table by clicking on the data.
When you right-click on any data, you can provide list management under "List Management" from the options that appear on the screen. Similarly, if a special rule needs to be defined, you can create a special rule with the "Rule Management" -> "Add value as a Classification Rule" option and trigger the notification mechanism. The rule management explained in this link .
