Microsoft Entra

Connect your Microsoft Entra instance to Verosint for real-time identity threat detection and response, enabling faster and more efficient remediation.

This integration enables:

• STREAMING EVENTS: Stream Microsoft Entra events into Verosint for proactive threat detection and response
• ENRICHED USER PROFILES: Enrich user profiles with key metadata for better visibility and analysis
• THREAT RESPONSE:Take action directly from Verosint by revoking sessions or suspending accounts in real time.

---

In your Microsoft Entra admin center, navigate to the Entra Overview

1. Select Enterprise applications

2. Select New application

3. Select Create your own application

   

4. Type Verosint in the What's the name of your app? box and click Create

   

5. After creating the application, you will be redirected to the application's overview page. Select Permissions

   

6. Select Application registration

7. Select Add a permission

8. Select Microsoft Graph

9. Select Application permissions

   

10. ☑️ Check the box next to the following permissions:

    1. Directory.Read.All

    2. AuditLog.Read.All

    3. User.EnableDisableAccount.All

    4. User.RevokeSessions.All
       Then select Add permissions

       

11. Select Grant admin consent for Verosint

12. Copy the Application (client) ID and Directory (tenant) ID for later, then select Certificates & secrets

13. Select New client secret

    

14. Type Verosint with the date and select Add.
    ⚠️ Note the Expires value here. You will need to repeat this process and update Verosint with the new secret at this interval to keep the integration active.

15. Copy the Value of the new secret. ⚠️ This is the one and only time this secret will be available.

16. Login to Verosint and navigate to the Settings page (top right corner of the browser window).

17. Select Microsoft Entra and populate the Client ID, Client Secret, and Tenant ID fields with the values you copied earlier.