Microsoft Entra ID Identity Management
Microsoft Entra ID main features
Users with Microsoft Entra ID P1 or P2 plans |
Users with Microsoft Entra ID with free plan |
|---|---|
Identity context enriched by synchronizing user attributes such as groups and roles within Incidents (Affected Identities) |
Identity context enriched by synchronizing user attributes such as groups and roles within Incidents (Affected Identities) |
Response actions over identities directly from Incidents |
Response actions over identities directly from Incidents |
Ingestion of selected security indicators from Microsoft Entra ID, providing visibility into identity-related threats and making them available in Advanced Search and Incidents |
How to enable the integration
Prerequisites
Before setting up the integration, complete the following prerequisites:
•Azure Subscription ID
CWP requires an Azure subscription in which to deploy its resources (Resource Group, Event Hub Namespace, Event Hub). You must provide this Subscription ID during setup in the integration wizard.
•Entra ID domain name or tenant name
You will need either the primary domain name or the tenant name of the Entra ID tenant you want to integrate. To find it:
1.Open the Azure Portal and navigate to Microsoft Entra ID > Overview.
2.See the primary domain and tenant name under Primary domain.
•Azure Account with sufficient permissions
The Owner role or, a combination of Contributor and User Access Administrator on the deployment subscription, is typically sufficient. The account also needs to be a Global Administrator in Entra ID (or have the Security Administrator role) to create Diagnostic Settings at the Entra ID scope.
|
Access elevation During onboarding, CWP may need to temporarily elevate your account's access to the root management scope (/) to create role assignments at the /providers/Microsoft.aadiam scope. This is done automatically using the standard Azure elevate access mechanism and is reverted immediately after the setup step completes. Your account must be a Global Administrator in Entra ID for this elevation to succeed. |
•Administrator consent for Graph API permissions
The integration wizard will ask you to grant tenant-wide administrator consent for CWP's Microsoft Graph API application permissions. Only a Global Administrator or Privileged Role Administrator can grant tenant-wide administrator consent.
•Registerable Microsoft.Insights resource provider
CWP registers the Microsoft.Insights resource provider in your deployment subscription automatically. If your subscription has a policy that prevents resource provider registration, the onboarding will fail. Ensure that the account used for onboarding has the Microsoft.Resources/subscriptions/providers/register/action permission.
Integration setup in ESET PROTECT Web Console
Click Connect to go through the Connect Integration process:
1.General settings—type Name, Domain name and Description. Click Connect to redirect to your Microsoft account to provide consent.
2.Enable Access—select a method how to grant access to your Entra ID subscriptions: Temporary impersonation or Follow manual guide. Click Proceed to redirect to Microsoft to provide consent.
3.Deploy Resources—select a subscription for which ESET can create a dedicated resource group with the necessary components for management and operation. Click Continue.
|
Be aware that certain components created as part of the integrations may result in additional costs for users. |
4.Summary—review Integration Summary with your settings (Name, Domain name, Description, Deployed resource) and click Finish.