Permissions for Microsoft Defender for Cloud (VM) Integration
The following read-only actions must be assigned via a custom role to allow Scytale to collect evidence from Azure services:
Microsoft.Security/*/read
How to Connect Scytale and Microsoft Defender for Cloud (VM)
1. In Scytale, go to 'Integrations'.
2. Search for Microsoft Defender and select 'Connect'.
3. Paste your Application ID, Secret Value and Directory ID.
3. Add a connection name - this will be used to differentiate between your connections - and then select 'Connect'.
You have now successfully connected to Microsoft Defender!
How To Create Credentials In Microsoft Defender for Cloud (VM)
1. Log in to your Azure Portal and select 'App registrations' in the left menu.
2. Select 'New registration' and fill in the following details:
Name - you can choose a name.
Supported account types - the first option must be selected - "Accounts in this organizational directory only (Default Directory only - Single tenant)".
Under the Redirect URI - Select web, and paste the following URI:
https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-graph
Click on Register.
3. In the overview tab of the application, refer to the information under "Essentials", copy (you'll use it for Scytale connection):
Application (Client) ID.
Directory (tenant) ID.
4. Go back to 'App registrations' and select the application you just created.
Go to 'Certificates & secrets' and select 'New client secret'
The Description will expires so we recommend selecting 24 months (we cannot collect data after the key expires).
β
5. Select 'Add' and copy the Secret Value.
β
Step 3: How to Create a Custom Role in Azure
Go to subscriptions.
Copy the relevant subscription ID (you'll need to paste it into the scytale integration connection).
Click on the relevant subscription.
Navigate in the subscription menu to 'Access control (IAM)'.
Select +Add and select the 'Add custom role' option.
Under the basics tab, choose a name for the 'Custom role name'.
Click on 'Next'.
Go to the JSON tab and click on 'Edit'.
Paste the following JSON snippet in the "permissions" key:
β"permissions": [
{
"actions": [
"Microsoft.Security/*/read"
]
}
]
Click on 'Save', then 'Review + create', and then 'Create'.
Step 4: How to Assign the Role to the Application
Return again in the subscription menu to 'Access control (IAM)'.
Select +Add and select the 'Add role assignment' option.
In the role tab, search for the custom role you created in step 3.
Click on the role and then select 'Next'.
In the members tab, on the Members section, click on '+select members'.
Search the application name you created in step 1 and click on it.
Click on 'Select'.
Click on 'Review + assign'.
