Set up Microsoft Entra ID and Microsoft Intune for Integration

Table of Contents

Integrate IoT Security with Microsoft Entra ID

Set up IoT Security and Cortex XSOAR for Microsoft Entra ID Integration

Set up Microsoft Entra ID and Microsoft Intune for integration with IoT Security through Cortex XSOAR.

Where Can I Use This?	What Do I Need?
IoT Security (Managed by IoT Security)	IoT Security subscription for an advanced IoT Security product (Enterprise Plus, Industrial OT, or Medical) One of the following Cortex XSOAR setups: An IoT Security Third-party Integration Add-on license that includes a cohosted, limited-featured Cortex XSOAR instance A full-featured Cortex XSOAR server

IoT Security integrates with Microsoft Entra ID to learn device attributes. The integration requires integrating with Microsoft Intune as well to help with device matching between Microsoft Entra ID and IoT Security. To prepare Microsoft Entra ID and Microsoft Intune for integration with IoT Security, you need the following subscriptions and licenses:

An M365 E3 subscription or an M365 Business Premium License
An Entra ID P1 license
An Intune license

These integration instructions explain how to set up cloud-based Microsoft Entra ID and Microsoft Intune applications to integrate with IoT Security and Cortex XSOAR. IoT Security and Cortex XSOAR don't support integrating with Microsoft Entra ID and Microsoft Intune as a hybrid or an on-premises system.

Log in to your Microsoft Azure portal with an account that has the Global Administrator role.
Navigate to Microsoft Entra IDManageApp registrations.
Click on New registration to register a new application.
Configure the new application.
Configure the following settings:
- Name: Enter a name for the application.
- Supported account types: Select Accounts in this organizational directory only.
Register the application.

After registering the application, you're redirected to the application overview page.
From the application overview page, copy the Application (client) ID and the Directory (tenant) ID to a secure location.

You will need the client and tenant IDs later to configure the integration instance on Cortex XSOAR.
Obtain a client secret.
1. From the application overview page, navigate to ManageCertificates & secrets.
2. Click on + New client secret to bring up the Add a client secret side view.
3. In the Add a client secret side view, configure the following settings:
  Description: Enter a description to help identify the client secret.
  Expires: Choose an expiration period for the secret, after which time you would need to renew the secret to continue using the Microsoft API.
4. Add the new client secret.
5. Copy the client secret Value and Secret ID to a secure location.
  
  You will need the Secret ID later to configure the integration instance on Cortex XSOAR.
Configure API permissions.
1. Navigate to ManageAPI permissions.
2. Click on + Add a permission to bring up the Request API permissions side view.
3. Select Microsoft APIsMicrosoft Graph.
4. Select Delegated permissions and search for and select the following permissions:
  Device.Read.All
  DeviceManagementManagedDevices.Read.All
5. Select Application permissions and search for and select the following permissions:
  Device.Read.All
  DeviceManagementManagedDevices.Read.All
6. Add permissions.
7. If the Status of the new API permissions is “Not granted...,” then Grant admin consent.
Configure Microsoft Intune for integration with Cortex XSOAR.
1. In your Microsoft Azure portal search bar, search for Mobility (MDM and WIP).
2. From the list of Mobility (MDM and WIP) services, select Microsoft Intune.
  
  This brings up the Microsoft Intune configuration page that is associated with Microsoft Entra ID.
3. Configure the MDM user scope to All.
  
  This allows Microsoft Intune to send Ethernet and MAC addresses to Cortex XSOAR when integrated.