Configure Entra ID Basic Settings

Give your application the Microsoft Graph permission

Grant your Entra ID (formerly called Azure AD) application the following permissions to Microsoft Graph as discussed in Authorization and the Microsoft Graph Security API on the Microsoft site:

  • Reader role

  • User.Read.All permission

  • Group.Read.All permission

These permissions enable the Firewall Management Center to perform the initial download of users and groups from Entra ID.

Required information from this step for setting up the Entra ID realm in the Firewall Management Center:

  • Name of the app you registered

  • Application (client) ID

  • Client secret

  • Directory (tenant) ID
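
A least-privilege check for the app registration above, as an added example that is not from the Cisco or Microsoft documentation: it decodes a client-credentials access token issued for Microsoft Graph and compares its `tid`, `appid` and `roles` claims with the IDs and permissions listed in this step. The function names are hypothetical, and the tenant ID, client ID and token are constructed placeholders so the block runs offline.

```python
import base64
import json

# Application permissions from this step; in an app-only token they appear in "roles".
# The Reader role is an Azure RBAC assignment and is not visible in the token.
REQUIRED = {"User.Read.All", "Group.Read.All"}
SAMPLE_TENANT = "11111111-1111-1111-1111-111111111111"  # constructed placeholder
SAMPLE_CLIENT = "22222222-2222-2222-2222-222222222222"  # constructed placeholder


def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_token(token, tenant_id, client_id):
    """Compare an app-only Graph token with the IDs and permissions recorded here."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_matches": claims.get("tid") == tenant_id,
        "client_matches": claims.get("appid", claims.get("azp")) == client_id,
        "missing": sorted(REQUIRED - roles),  # required here but not granted
        "excess": sorted(roles - REQUIRED),   # granted beyond what this step lists
    }


def make_sample_token(roles, tenant_id=SAMPLE_TENANT, client_id=SAMPLE_CLIENT):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"tid": tenant_id, "appid": client_id, "roles": roles}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


if __name__ == "__main__":
    for roles in (["User.Read.All", "Group.Read.All"],
                  ["User.Read.All", "Directory.ReadWrite.All"]):
        token = make_sample_token(roles)
        print(roles, "->", audit_token(token, SAMPLE_TENANT, SAMPLE_CLIENT))
```

An empty `missing` list confirms that admin consent took effect for both permissions; anything in `excess` is a grant to review and remove from the app registration.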

Set up an event hub

Set up the event hub as discussed in Quickstart: Create an event hub using Azure portal on the Microsoft site. The Firewall Management Center uses the event hub audit log to download periodic updates to users and groups.

More information: Features and terminology in Azure Event Hubs.

Important

You must choose the Standard pricing tier or better. If you choose Basic, the realm cannot be used.

Required information from this step for setting up the Entra ID realm in the Cisco Security Cloud Control:

  • Namespace Name

  • Connection string—primary key

  • Event Hub Name

  • Consumer group Name

Enable the audit log

Enable the audit log as discussed in Tutorial: Stream Azure Active Directory logs to an Azure event hub on the Microsoft site.