Integrating Microsoft Azure Active Directory Identity Protection with SecurityCoach
In this article, you will learn how to integrate Microsoft Azure Active Directory (AD) Identity Protection with SecurityCoach. Once you set up this integration, data provided by Microsoft Azure AD Identity Protection will be available under the SecurityCoach tab of your KMSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns.
Click the links below to learn how to integrate Microsoft Azure AD Identity Protection with SecurityCoach. For general information about SecurityCoach, see our SecurityCoach Product Manual. If you would like to learn how to integrate other Microsoft products with SecurityCoach, see the vendor integration guides in our Knowledge Base.
Jump to:
Set Up the Integration in Your Microsoft Azure Portal
Set Up the Integration in Your KMSAT Console
Set Up the Integration in Your Microsoft Azure Portal
Before you can set up this integration in your KMSAT console, you will need to register the SecurityCoach application, add API permissions, and create a client secret in your Microsoft Azure portal.
Important: The registered application, API permission, and client secret must be unique to this integration. You cannot reuse a registered application, API permission, or client secret used to integrate another Microsoft product with SecurityCoach.
To jump to the article subsection for each of these steps, click the links below:
Register the SecurityCoach Application
Add API Permissions
Create a Client Secret
Register the SecurityCoach Application
First, you will need to register the SecurityCoach application in your Microsoft Azure portal. To register the application, follow the steps below:
- Log in to your Microsoft Azure portal and navigate to Azure Active Directory.
- From the sidebar on the left side of the page, select App registrations.
- Click + New registration and enter a name for your application, such as “knowbe4integrations”.
- Click Register.
Add API Permissions
After you have registered the SecurityCoach application, you can add API permissions from the App registrations page of your Microsoft Azure portal. To add API permissions, follow the steps below:
Important: Azure AD Identity Protection, and the Microsoft Graph risk detection and risky user data this integration reads, require Azure AD Premium P2 licensing. You must be logged in as a user with an Azure AD Premium P2 license when adding API permissions for this integration. Otherwise, your integration may fail. Granting admin consent in the last step below also requires a sufficiently privileged directory role, such as Global Administrator.
- Select the registered application you created in the Register the SecurityCoach Application section of this guide. In the example below, the registered application is titled “knowbe4integrations”.
- From the sidebar on the left side of the page, select API permissions.
- Click + Add a permission.
- Select Microsoft Graph from the Microsoft APIs subtab.
- Click Application permissions.
- Click the IdentityRiskEvent drop-down menu and select the check box next to IdentityRiskEvent.Read.All. Then, click the IdentityRiskyUser drop-down menu and select the check box next to IdentityRiskyUser.Read.All.
- Click Add permissions.
- Click Grant admin consent for [your active directory name] and confirm. Once consent is granted, the warning triangle in the Status column next to each permission changes to a green check mark reading Granted for [your active directory name]. Application permissions only take effect after this consent, so do not skip this step.
Create a Client Secret
After you have registered the SecurityCoach application and added your API permissions, you can create a client secret from the App registrations page of your Microsoft Azure portal. To create a client secret, follow the steps below:
- From the sidebar on the left side of the page, select the SecurityCoach application that you registered earlier. When you click on the registered application, the application’s overview will display.
- From the sidebar on the left side of the page, select Certificates & secrets.
- Click + New client secret.
- Enter a description for the client secret and select an expiry window. The integration stops working when the secret expires, so choose a window that matches your rotation process and plan to create a new secret and update the KMSAT console before that date.
- Click Add. Once you click Add, the client secret Value and Expires date will display on the page.
- Copy and save the client secret Value and Expires date somewhere that you can easily access, such as your password manager. The Value is shown in full only while you remain on this page; once you navigate away it is masked and cannot be retrieved, and you would need to create a new secret. You will need these credentials to complete the integration setup outlined in the Set Up the Integration in Your KMSAT Console section below.
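Before entering these values in the KMSAT console, it is worth confirming that the registration, the two application permissions and the secret actually work together. The script below is an added example and is not KnowBe4's or Microsoft's code. It performs the same client-credentials exchange SecurityCoach will perform, checks that both permissions appear in the token's roles claim (the sign that admin consent was granted), probes the two Identity Protection endpoints, and flags a client secret that is expired or about to expire. It assumes the tenant (primary domain such as contoso.onmicrosoft.com, or tenant ID), the Application (client) ID and the secret Value are supplied in the environment variables AZURE_TENANT, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET; those names, and the YYYY-MM-DD date format for the expiry check, are choices made here, not taken from the article. Without those variables set it runs only the offline checks against a constructed sample token.

```python
"""Pre-flight check for the SecurityCoach app registration (added example, not vendor code).

Assumes AZURE_TENANT, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET hold the primary domain (or
tenant ID), Application (client) ID and client secret Value; the variable names are assumptions.
"""
import base64
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request
from datetime import date, timedelta

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"
GRAPH_AUDIENCE = "https://graph.microsoft.com"

# The two application permissions the article has you grant, each mapped to the Identity
# Protection endpoint it unlocks. $top=1 keeps the probe to a single record.
REQUIRED_ROLES = {
    "IdentityRiskEvent.Read.All": GRAPH_AUDIENCE + "/v1.0/identityProtection/riskDetections?$top=1",
    "IdentityRiskyUser.Read.All": GRAPH_AUDIENCE + "/v1.0/identityProtection/riskyUsers?$top=1",
}


def acquire_token(tenant: str, client_id: str, client_secret: str) -> str:
    """Client-credentials grant: the exchange SecurityCoach performs with the Domain,
    Client ID and Client Secret you enter in the KMSAT console."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant), data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def decode_jwt_claims(token: str) -> dict:
    """Return a JWT's payload. The signature is deliberately not verified: we inspect a token
    we just received from Azure AD for diagnostics, not one presented to us by a client."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))


def token_problems(claims: dict) -> list:
    """Consented application permissions appear in the 'roles' claim of an app-only token.
    A missing role is what you see when 'Grant admin consent' was skipped or only partly done."""
    problems = []
    if claims.get("aud") != GRAPH_AUDIENCE:
        problems.append("token audience is %r, expected %r" % (claims.get("aud"), GRAPH_AUDIENCE))
    for role in sorted(set(REQUIRED_ROLES) - set(claims.get("roles", []))):
        problems.append("missing application permission " + role)
    return problems


def probe(token: str, url: str) -> int:
    """HTTP status of a read against Identity Protection: 200 means the permission works,
    403 means Graph refused the call (typically a permission without admin consent)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def secret_expiry_status(expires_iso: str, today_iso: str, warn_days: int = 30) -> str:
    """Classify the secret's Expires date (YYYY-MM-DD) as 'expired', 'expiring' or 'ok'.
    An expired secret silently stops the integration; rotate it in Azure and KMSAT before then."""
    expires, today = date.fromisoformat(expires_iso), date.fromisoformat(today_iso)
    if expires <= today:
        return "expired"
    if expires - today <= timedelta(days=warn_days):
        return "expiring"
    return "ok"


def unsigned_demo_token(claims: dict) -> str:
    """Build a JWT-shaped string with a dummy signature, for offline testing of the checks
    above only. Nothing should ever trust a token built this way."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return b64({"alg": "none"}) + "." + b64(claims) + ".sig"


# Constructed sample (not a real token): consent was granted for only one of the two
# permissions, which is the failure mode the 'Grant admin consent' step rules out.
SAMPLE_TOKEN = unsigned_demo_token({
    "aud": GRAPH_AUDIENCE,
    "roles": ["IdentityRiskEvent.Read.All"],
    "exp": 1700000000,
})


def main() -> int:
    tenant = os.environ.get("AZURE_TENANT")
    client_id = os.environ.get("AZURE_CLIENT_ID")
    secret = os.environ.get("AZURE_CLIENT_SECRET")
    if not (tenant and client_id and secret):
        print("offline check on sample token:", token_problems(decode_jwt_claims(SAMPLE_TOKEN)))
        print("set AZURE_TENANT, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET for a live check")
        return 2
    token = acquire_token(tenant, client_id, secret)
    problems = token_problems(decode_jwt_claims(token))
    for role, url in REQUIRED_ROLES.items():
        print("%-28s HTTP %d" % (role, probe(token, url)))
    for problem in problems:
        print("PROBLEM:", problem)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main())
```

A live run that prints HTTP 200 for both endpoints and no PROBLEM lines means the three values you are about to paste into the KMSAT console are correct; a 403 on one endpoint points back to the Add API Permissions section, and a failed token request points at the tenant, client ID or secret Value.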
Set Up the Integration in Your KMSAT Console
Once you’ve set up the integration in your Microsoft Azure portal, you can set up the integration in your KMSAT console.
Note: To complete these steps, you will need to have both your Microsoft Azure portal and your KMSAT console open in your browser.
To set up the integration in your KMSAT console, follow the steps below:
- Log in to your KMSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate Microsoft Azure AD Identity Protection and click Configure.
- In a separate browser window, log in to your Microsoft Azure portal and navigate to your Azure Active Directory.
- From the Overview page, scroll down to the Tenant information section. Then, copy the Primary domain.
- In your KMSAT console, paste your Primary domain in the Domain field.
- To get your client ID, navigate to the App registrations page of your Microsoft Azure portal and click on the SecurityCoach application that you registered earlier. When you click on the registered application, the application’s overview page will display.
- On the application’s overview page, copy the Application (client) ID from the Essentials section at the top of the page.
- Navigate back to your KMSAT console. In the Client ID field, paste your Application (client) ID.
- In the Client Secret field, enter the Value for the client secret that you created earlier.
- In the Token Expiration Date field, select the Expires date for the client secret that you created earlier.
- To finish setting up the integration, click Authorize.
Once you’ve successfully authorized this integration, you can manage detection rules for Microsoft Azure Active Directory Identity Protection on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.