Configure Microsoft Azure Connection

A Microsoft Azure connection securely stores reusable authentication credential information for integrations with Azure. To create the connection, Alert Logic requires the following information from the Azure AD console:

  • Directory (Tenant) ID—Identifies your account in Azure
  • Application (Client) ID—Identifies the specific app registration that you create in Azure for Alert Logic
  • Client Secret Value—Allows Alert Logic to access the app registration

Alert Logic provides the following steps to help you get the information and create the connection. For further questions about the steps performed in the Azure console, or if your interface looks different, contact Microsoft Azure support.

  1. Create an app registration in Azure
  2. Grant permission to perform actions in Azure
  3. Create a client secret in Azure
  4. Create the Microsoft Azure connection in the Alert Logic console
  5. Use the connection in automated response

Create an app registration in Azure

Create an app registration in Azure AD to hold the permissions and credentials granted to Alert Logic.

To create an app registration:

  1. Log in to the Azure AD console.
  2. On the left panel of the Azure AD console, under Manage, click App registrations.
  3. Click + New registration.
  4. Enter a name for your connection to Alert Logic automated response. Leave the other items as is.
  5. Click Register.
  6. Copy the Application (client) ID to a text editor for later.
  7. Copy the Directory (tenant) ID to a text editor for later.

Grant permission to perform actions in Azure

The next step in the Azure Active Directory console is to grant Alert Logic permissions to perform actions in Azure.

If you grant permission to manage Azure users, you can perform the simple response Microsoft Azure Active Directory: Disable User.

If you grant permission to access Microsoft Defender for Endpoint, you can perform the simple response Microsoft Defender for Endpoint: Isolate Host.

Complete one or both of the following procedures, depending on your goals for the connection to Azure.

To grant permission to manage Azure users:

  1. On the left panel of the app registration for your new app, under Manage, click API permissions.
  2. Click + Add a permission.
  3. Select Microsoft Graph.
  4. On the Request API permissions page, in response to the question about the type of permissions your application requires, click Application permissions.
  5. In the list of permissions, scroll down and click UserAuthenticationMethod to see permissions in this category, and then select UserAuthenticationMethod.ReadWrite.All.
  6. Then scroll down and click the User category, and then select User.ReadWrite.All.
  7. Click Add permissions.
  8. From the page listing active permissions, click Grant admin consent to, next to Add a permission.
  9. Click Yes to confirm.

    The status of the User.ReadWrite.All and UserAuthenticationMethod.ReadWrite.All permissions becomes "Granted", and a green check mark icon appears next to the granted permissions.

To grant permissions to access Microsoft Defender for Endpoint:

  1. On the left panel of the app registration for your new app, under Manage, click API permissions.
  2. Click + Add a permission.
  3. On the Request API permissions page, select APIs my organization uses.
  4. In the text box, type "WindowsDefenderATP", and then select WindowsDefenderATP.
  5. On the Request API permissions page, in response to the question about the type of permissions your application requires, click Application permissions.
  6. In the list, select the following permissions:
    1. Click User to see permissions in this category, and then select User.Read.All.
    2. Click Machine to see permissions in this category, and then select Machine.Isolate and Machine.ReadWrite.All.
  7. Click Add permissions.
  8. From the page listing active permissions, click Grant admin consent to, next to Add a permission.
  9. Click Yes to confirm.

    The status of the User.Read.All permission, Machine.Isolate permission, and Machine.ReadWrite.All permission becomes "Granted", and a green check mark icon appears next to the granted permissions.

Create a client secret in Azure

The last step in the Azure AD console is to create a client secret.

To create a client secret:

  1. On the left panel of the app registration for your new app, under Manage, click Certificates & secrets.
  2. Select Client secrets if it is not active.
  3. Click + New client secret.
  4. Enter a description (example: Alert Logic Automated Response).
  5. Select an expiration, and note the expiration date for future renewal.
  6. Click Add.
  7. Copy the Value to a text editor for later.
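Once the secret exists, the app registration can request an app-only access token with the OAuth 2.0 client credentials flow; such a token lists its granted application permissions in the `roles` claim, the tenant in `tid`, and the client in `appid` (or `azp`). The following is an added example, not Alert Logic or Microsoft code, that checks a token's claims against the IDs and permissions from the steps above; the function names, the placeholder GUIDs, and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions per simple response, as listed in the procedures above.
REQUIRED = {
    "Disable User": {"User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All"},
    "Isolate Host": {"User.Read.All", "Machine.Isolate", "Machine.ReadWrite.All"},
}


def decode_claims(token):
    """Return a JWT's payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token, tenant_id, client_id, response):
    """Compare an app-only token with the connection values and one simple response.

    Tokens are issued per API, so check "Disable User" against a Microsoft Graph
    token and "Isolate Host" against a WindowsDefenderATP token.
    """
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))  # granted application permissions
    app = claims.get("appid") or claims.get("azp") or ""  # v1.0 or v2.0 token
    return {
        "tenant_ok": claims.get("tid", "").lower() == tenant_id.lower(),
        "client_ok": app.lower() == client_id.lower(),
        "missing": sorted(REQUIRED[response] - roles),  # admin consent not granted yet
        "extra": sorted(roles - REQUIRED[response]),    # more than this page asks for
    }


def sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    TENANT = "11111111-1111-1111-1111-111111111111"  # placeholder, not a real tenant
    CLIENT = "22222222-2222-2222-2222-222222222222"  # placeholder, not a real app
    token = sample_token({"tid": TENANT, "appid": CLIENT,
                          "roles": ["User.ReadWrite.All", "Directory.ReadWrite.All"]})
    print(check_token(token, TENANT, CLIENT, "Disable User"))
```

An empty `missing` list means the permissions for that simple response were granted; anything in `extra` is a permission on the app registration that these procedures do not call for.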

Create the Microsoft Azure connection in the Alert Logic console

After you finish the configuration in Azure, the next step is to create the connection in the Alert Logic console.

To create a Microsoft Azure connection:

  1. In the Alert Logic console, click the navigation menu icon, click Configure, and then click Connections.
  2. On the Connections page, click the add icon, and then click Microsoft Azure.
  3. On the Create a Microsoft Azure Connection page, type a descriptive name for the connection, for example, "Microsoft Azure Connection".
  4. In Directory (Tenant) ID, paste the Directory (tenant) ID that you noted in Create an app registration in Azure.
  5. In Application (Client) ID, paste the Application (client) ID that you noted in Create an app registration in Azure.
  6. In Client Secret Value, paste the Value for the client secret that you noted in Create a client secret in Azure.
  7. Click SAVE.

Use the connection in automated response

After you save the connection, you can use it in an automated response. For examples of automated actions that can use this connection, see Grant permission to perform actions in Azure. For more information about automated response, see Get Started with Automated Response.

Manage connections

You can view the list of connections and edit or delete an existing one. For more information, see Manage Connections.