Configure Microsoft Entra ID for passive authentication
Configure Microsoft Entra ID to enable passive authentication and user group synchronization with the Security Cloud Control.
This task provides basic information about how to set up a Microsoft Entra ID (formerly called Microsoft Azure Active Directory (AD)) as a realm you can use with the Security Cloud Control. We expect you to already be familiar with Entra ID; if not, consult documentation or a support resource before you get started.
Procedure
Step 1: Grant your Entra ID application the Microsoft Graph permissions.
Grant your Entra ID application the following permissions to Microsoft Graph, as discussed in Authorization and the Microsoft Graph Security API on the Microsoft site:
This permission enables the Security Cloud Control to download users and groups from Entra ID the first time.
Required information from this step for setting up the Entra ID realm in the Security Cloud Control:

Step 2: Set up an event hub.
Set up the event hub as discussed in Quickstart: Create an event hub using Azure portal on the Microsoft site. The Security Cloud Control uses the event hub audit log to download periodic updates to users and groups. More information: Features and terminology in Azure Event Hubs.
Required information from this step for setting up the Entra ID realm in the Security Cloud Control:

Step 3: Enable the audit log.
Enable the audit log as discussed in Tutorial: Stream Azure Active Directory logs to an Azure event hub on the Microsoft site.

Step 4: Configure Cisco ISE for Entra ID.
To send user session information to the Security Cloud Control, configure Cisco ISE for Entra ID as discussed in Configure ISE 3.0 REST ID with Azure Active Directory.
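After Step 2 and Step 3, the event hub carries Entra ID audit records that the Security Cloud Control reads to pick up user and group changes. The following is an added example, not Cisco's or Microsoft's code: it parses one Event Hubs message in the Azure Monitor `records` envelope that the diagnostic setting emits and keeps only successful group-membership changes, which is a quick way to confirm the stream actually contains the events the realm sync depends on before pointing the Security Cloud Control at it. The field names follow the Entra ID audit log schema; the sample message is constructed, and how the Security Cloud Control itself filters these records is not documented here.

```python
import json

# Constructed sample: one Event Hubs message in the Azure Monitor "records" envelope that the
# Entra ID diagnostic setting emits: a successful group add, a failed removal, and a sign-in.
SAMPLE_MESSAGE = json.dumps({"records": [
    {"time": "2024-05-01T10:00:00Z", "category": "AuditLogs", "resultType": "success",
     "properties": {"activityDisplayName": "Add member to group", "category": "GroupManagement",
                    "result": "success", "targetResources": [
                        {"type": "User", "userPrincipalName": "alice@example.com", "modifiedProperties": [
                            {"displayName": "Group.ObjectID", "oldValue": None,
                             "newValue": "\"11111111-1111-1111-1111-111111111111\""},
                            {"displayName": "Group.DisplayName", "oldValue": None, "newValue": "\"Finance\""}]},
                        {"type": "Group", "id": "11111111-1111-1111-1111-111111111111"}]}},
    {"time": "2024-05-01T10:05:00Z", "category": "AuditLogs", "resultType": "failure",
     "properties": {"activityDisplayName": "Remove member from group", "category": "GroupManagement",
                    "result": "failure", "targetResources": [
                        {"type": "User", "userPrincipalName": "bob@example.com", "modifiedProperties": [
                            {"displayName": "Group.ObjectID",
                             "oldValue": "\"11111111-1111-1111-1111-111111111111\"", "newValue": None}]}]}},
    {"time": "2024-05-01T10:06:00Z", "category": "SignInLogs", "resultType": "0",
     "properties": {"userPrincipalName": "alice@example.com"}},
]})

# Audit activities that change group membership, mapped to the action a sync would apply.
MEMBERSHIP_OPS = {"Add member to group": "add", "Remove member from group": "remove"}

def _decode(value):
    # modifiedProperties values are JSON-encoded strings ("\"<guid>\""), not bare GUIDs.
    return json.loads(value) if isinstance(value, str) else value

def group_membership_changes(message):
    """Return the successful group add/remove events carried by one Event Hubs message."""
    changes = []
    for rec in json.loads(message).get("records", []):
        props = rec.get("properties", {})
        # Only AuditLogs carries directory changes (SignInLogs may share the hub), only
        # GroupManagement activities matter here, and a failed attempt changed nothing.
        if rec.get("category") != "AuditLogs" or props.get("category") != "GroupManagement":
            continue
        action = MEMBERSHIP_OPS.get(props.get("activityDisplayName"))
        if action is None or props.get("result") != "success":
            continue
        for target in props.get("targetResources", []):
            if target.get("type") != "User":
                continue
            # On an add the group id arrives in newValue; on a remove it is in oldValue.
            key = "newValue" if action == "add" else "oldValue"
            mods = {m["displayName"]: _decode(m.get(key)) for m in target.get("modifiedProperties", [])}
            changes.append({"time": rec["time"], "action": action, "user": target.get("userPrincipalName"),
                            "group_id": mods.get("Group.ObjectID"), "group_name": mods.get("Group.DisplayName")})
    return changes
```

Feed it the body of a message received from the hub's consumer group; an empty result over a period in which memberships were changed means the audit log category is not reaching this hub.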
What to do next
See Configure Cisco ISE for Microsoft Azure AD (SAML).