Configure Azure AD Basic Settings

Give your application the Microsoft Graph permission

Grant your Azure AD application the following permissions to Microsoft Graph as discussed in Authorization and the Microsoft Graph Security API on the Microsoft site:

  • Reader role

  • User.Read.All permission

  • Group.Read.All permission

This permission enables the management center to download users and groups from Azure AD the first time.

Required information from this step for setting up the Azure AD realm in the management center:

  • Name of the app you registered

  • Application (client) ID

  • Client secret

  • Directory (tenant) ID

Set up an event hub

Set up the event hub as discussed in Quickstart: Create an event hub using Azure portal on the Microsoft site. The management center uses the event hub audit log to download periodic updates to users and groups.

More information: Features and terminology in Azure Event Hubs.

Important

You must choose the Standard pricing tier or better. If you choose Basic, the realm cannot be used.

Required information from this step for setting up the Azure AD realm in the Cisco Security Cloud Control:

  • Namespace Name

  • Connection string—primary key

  • Event Hub Name

  • Consumer group Name

Enable the audit log

Enable the audit log as discussed in Tutorial: Stream Azure Active Directory logs to an Azure event hub on the Microsoft site.