Integrate your Office 365 Account with MDR
You can integrate your Office 365
account with MDR so any threats and behavioral anomalies are
detected. Once integrated, our SOC team analyzes data logs from your
Office 365 account for malware activity and other anomalies.
You have to first configure your Azure AD application and MDR so as to collect data.
Configuration Steps
Step 1 - Create an API Integration Application within Registry
- Log into your Azure account (https://portal.azure.com).
- Navigate to App registrations and create a new app by clicking ‘+ New registration’
- Fill application details as shown below:
- Name: Xcitium-mdr (or any other suitable label)
- Supported account types: Choose "Accounts int this organizational directory only"
- Click ‘Register’
Note down the Application (client) ID and Directory (tenant) ID.
Step 2 - Create Security Credentials for Registered Application
- Click ‘Certificates & Secrets’ on the left
- Click ‘+New client secret.’
- Create a secret insert description for the key, select expiration of ‘Never’, then click ‘Add’ (only then will the key/secret be generated)
- Copy the new client secret value.
Step 3 - Add Permissions for the Registered Application
- Click ‘API Permissions’ on the left then ‘Add a Permission.’
- Click ‘Microsoft Graph’ and select ‘Application Permissions’
- Add permissions as shown below:
- Click ‘Add a permission’ again and select ‘Office 365 Management API’ and toggle ‘Application Permissions’.
- Add permissions as shown below:
Step 4 - Configure MDR with Azure Application Registration Attributes (Tenant Id, Client Id, Secret Key)
- Log into MDR Customer Portal.
- Click "Settings" at the top left of the screen and scroll down to ‘Cloud Security Settings’
- Enter your client ID, tenant ID (generated in step 1) and secret key (generated in step 2) into the respective fields.
- Click "Register Your Account"
That’s
it, your Office 365 cloud account is integrated with MDR. Contact
your Xcitium account manager for support if you have any trouble
integrating your cloud account with MDR.