IDR Integration Guide
Once Taegis™ IDR has been enabled for your tenant, select Identity from the Taegis Menu to begin configuring your integration with Microsoft Entra ID. Follow the steps within the interface to complete the integration and begin using IDR. Use this page as a guide to set up the Identity module.
Set Up Instructions
The Identity module requires the creation of a new application within Azure so that the necessary permissions are in place to run the security checks and so that the integration avoids Microsoft rate-limiting conditions.
Important
A Taegis user with the Tenant Administrator role is required to perform this setup.
Register a New Application in Azure
- Register an application in the Azure portal (Figures 1 and 2).
  - Name — Any descriptive string
  - Supported account types — Accounts in this organizational directory only
- Take note of the following values, as they are necessary for setup in XDR (Figure 3).
  - Application (Client ID)
  - Directory (Tenant ID)
- Configure the required application permissions using either option 1 or option 2 as detailed in the following section.
  - Update Application Manifest
- Once the permissions are set using either option detailed in the following section, click Grant admin consent... for your Azure tenant name.
Azure Permissions Option 1
In the application manifest, find the field requiredResourceAccess and replace it with the following JSON:
```json
"requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
        { "id": "b0afded3-3588-46d8-8b3d-9842eff778da", "type": "Role" },
        { "id": "7a6ee1e7-141e-4cec-ae74-d9db155731ff", "type": "Role" },
        { "id": "dc377aa6-52d8-4e23-b271-2a7ae04cedf3", "type": "Role" },
        { "id": "2f51be20-0bb4-4fed-bf7b-db946066c75e", "type": "Role" },
        { "id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role" },
        { "id": "607c7344-0eed-41e5-823a-9695ebe1b7b0", "type": "Role" },
        { "id": "dc5007c0-2d7d-4c42-879c-2dab87571379", "type": "Role" },
        { "id": "e30060de-caa5-4331-99d3-6ac6c966a9a4", "type": "Role" },
        { "id": "8a3d36bf-cb46-4bcc-bec9-8d92829dab84", "type": "Role" },
        { "id": "246dd0d5-5bd0-4def-940b-0421030a5b68", "type": "Role" },
        { "id": "37730810-e9ba-4e46-b07e-8ca78d182097", "type": "Role" },
        { "id": "9e640839-a198-48fb-8b9a-013fd6f6cbcd", "type": "Role" },
        { "id": "4cdc2547-9148-4295-8d11-be0db1391d6b", "type": "Role" },
        { "id": "230c1aed-a721-4c5d-9cb4-a90514e508ef", "type": "Role" },
        { "id": "c7fbd983-d9aa-4fa7-84b8-17382c103bc4", "type": "Role" },
        { "id": "dd98c7f5-2d42-42d3-a0e4-633161547251", "type": "Role" },
        { "id": "df021288-bdef-4463-88db-98f22de89214", "type": "Role" },
        { "id": "38d9df27-64da-44fd-b7c5-a6fbac20248f", "type": "Role" },
        { "id": "6e472fd1-ad78-48da-a0f0-97ab2c6b769e", "type": "Role" }
    ]
}]
```
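As an added example that is not part of the Taegis documentation, the following Python script audits an exported application manifest against the Option 1 permission set: it reports Microsoft Graph roles that are missing (the security checks would fail), roles beyond that set (more privilege than the integration needs), and entries added as delegated scopes rather than application roles. The sample manifest and the placeholder role id in it are constructed; the required ids are the 19 from the JSON above.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resourceAppId

# The 19 application role ids from the Option 1 JSON, one per IDR permission.
REQUIRED_ROLE_IDS = frozenset("""
b0afded3-3588-46d8-8b3d-9842eff778da 7a6ee1e7-141e-4cec-ae74-d9db155731ff
dc377aa6-52d8-4e23-b271-2a7ae04cedf3 2f51be20-0bb4-4fed-bf7b-db946066c75e
7ab1d382-f21e-4acd-a863-ba3e13f7da61 607c7344-0eed-41e5-823a-9695ebe1b7b0
dc5007c0-2d7d-4c42-879c-2dab87571379 e30060de-caa5-4331-99d3-6ac6c966a9a4
8a3d36bf-cb46-4bcc-bec9-8d92829dab84 246dd0d5-5bd0-4def-940b-0421030a5b68
37730810-e9ba-4e46-b07e-8ca78d182097 9e640839-a198-48fb-8b9a-013fd6f6cbcd
4cdc2547-9148-4295-8d11-be0db1391d6b 230c1aed-a721-4c5d-9cb4-a90514e508ef
c7fbd983-d9aa-4fa7-84b8-17382c103bc4 dd98c7f5-2d42-42d3-a0e4-633161547251
df021288-bdef-4463-88db-98f22de89214 38d9df27-64da-44fd-b7c5-a6fbac20248f
6e472fd1-ad78-48da-a0f0-97ab2c6b769e
""".split())


def audit_manifest(manifest_json: str) -> dict:
    """Compare a manifest's Graph permissions with the IDR set; return the deltas."""
    manifest = json.loads(manifest_json)
    granted, wrong_type, graph_entry = set(), [], False
    for entry in manifest.get("requiredResourceAccess", []):
        if entry.get("resourceAppId") != GRAPH_APP_ID:
            continue  # permissions on other resource APIs are outside this check
        graph_entry = True
        for access in entry.get("resourceAccess", []):
            # IDR runs unattended, so it needs application roles ("Role"), not
            # delegated scopes ("Scope"); a Scope entry satisfies nothing here.
            if access.get("type") != "Role":
                wrong_type.append(access.get("id"))
                continue
            granted.add(access["id"])
    return {
        "graph_entry": graph_entry,                      # False: no Graph block at all
        "missing": sorted(REQUIRED_ROLE_IDS - granted),  # security checks would fail
        "extra": sorted(granted - REQUIRED_ROLE_IDS),    # more privilege than needed
        "wrong_type": wrong_type,
    }


# Constructed sample manifest: one required role is absent (and wrongly added as a
# delegated scope instead) and one unrelated placeholder role id is present.
MISSING_ID = "6e472fd1-ad78-48da-a0f0-97ab2c6b769e"
SAMPLE_MANIFEST = json.dumps({"requiredResourceAccess": [{
    "resourceAppId": GRAPH_APP_ID,
    "resourceAccess": [{"id": i, "type": "Role"} for i in sorted(REQUIRED_ROLE_IDS - {MISSING_ID})]
    + [{"id": "11111111-2222-3333-4444-555555555555", "type": "Role"},
       {"id": MISSING_ID, "type": "Scope"}],
}]})
```

Run it against the manifest exported from the Entra ID portal before clicking Grant admin consent; an empty `missing` and `extra` list means the app carries exactly the permissions this page lists.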
Azure Permissions Option 2
Manually configure the values listed below as shown in Figures 4-6.
- Directory.Read.All
- UserAuthenticationMethod.Read.All — For reading MFA methods
- Policy.Read.All — Conditional Access Policy Assessments
- Policy.Read.PermissionGrant — See permissions granted by policies
- Policy.Read.ConditionalAccess — Conditional Access Policy Assessments using services not covered by Policy.Read.All
- ThreatHunting.Read.All — Threat Hunting
- AuditLog.Read.All — For reviewing access and potential threats
- DeviceManagementManagedDevices.Read.All — For reading data about devices and relating them to XDR logs
- DeviceManagementApps.Read.All — For analyzing Intune access and policies
- DeviceManagementConfiguration.Read.All — For analyzing Intune access and policies
- NetworkAccess.Read.All — Network access configuration review
- NetworkAccessPolicy.Read.All — Network access policy review
- RoleManagement.Read.All — Analyzing role access in your environment
- PrivilegedAccess.Read.AzureAD — Analyzing privileged access in your environment
- User.Read.All — Accessing user data not covered by Directory.Read.All
- IdentityRiskEvent.Read.All — For seeing flagged events in your Entra ID environment
- IdentityRiskyUser.Read.All — Reviewing potentially risky users in your environment
- IdentityRiskyServicePrincipal.Read.All — Reviewing potentially risky apps in your environment
- Reports.Read.All — Review and collect reports on environment stats
Add Integration to Taegis XDR
- From the Taegis Menu, select Identity > Identity Risk Posture.
- Enter into the form the Tenant ID and the Application (Client) ID obtained in the preceding Register a New Application in Azure step.
- Select Download Client Certificate. This generates a certificate in XDR and downloads it to your machine.
- Go back to the previously created application in Microsoft Entra ID and upload the certificate generated by Taegis.
- Once the certificate has been uploaded, switch back to XDR and select Create. The certificate needs to be uploaded to Azure first so that the connection can be provisioned.
Set Up Automations & Playbooks
This is an optional step that can be taken once you have added the new integration. Upon completion, you will be redirected to the Microsoft Azure connector setup wizard. From there you can add a connector that enables you to take advantage of the user response actions available in the platform.
- Knowledge Base Article: How To: Setting Up IDR Automation Playbooks
- Knowledge Base Article: How To: Configure Entra ID Force Password Reset Automation
Note
If you have previously configured Azure AD or Entra ID connectors and playbooks, you do not need to do this step again. Automation playbooks are available across the platform once configured.