Azure Integration

This document describes how to integrate the Rezonate product with the Azure Active Directory and Azure Subscriptions. The integration also covers M365 and Intune.

Step 1 - Creating an Application

1. Browse to the Azure Active Directory user portal.

2. Select “Enterprise Applications” in the side menu

3. Click “New Application”.

4. Select “Create your own”.

5. In the new Application name, write “Rezonate” and then click Create.

6. After the creation process is complete, you will be redirected to the application page.

7. Click the Permissions tab on the side menu.

8. Select “Application registration”.

Step 2 - Granting Access to Azure AD + M365

1. Select “Add Permissions” and select Microsoft Graph, and then Application permissions.

1. Add the following read-only permissions for the application to acquire all relevant data:

TeamMember.Read.All UserAuthenticationMethod.Read.All Policy.Read.PermissionGrant IdentityRiskyServicePrincipal.Read.All Channel.ReadBasic.All SecurityAlert.Read.All MailboxSettings.Read Directory.Read.All ReportSettings.Read.All RoleManagement.Read.All IdentityProvider.Read.All IdentityRiskyUser.Read.All IdentityRiskEvent.Read.All AuditLog.Read.All Policy.Read.All Member.Read.Hidden Reports.Read.All DirectoryRecommendations.Read.All

After selecting the permissions, Click Add Permissions.

1. Click “Grant Admin Consent for Rezonate” and then “Yes”.

2. Select “Certificates & secrets” in the side menu.

3. Select “Upload certificate”.

4. Add the rezonate_aad_azure.crt file from Rezonate. (Attached in this article)

5. Click the Overview button.

6. Please copy and bring back the following items:

   1. Application (client) ID

   2. Directory (tenant) ID

Step 3 (for Azure Integration) - Granting Access to Azure Management Group

1. Head over to the Management Groups screen, and choose the Tenant Root Group.

2. Select Access Control (IAM) from the left-side bar.

3. Select “Role Assignments”, then “Add”, and then “Add role assignment”.

4. Select “Job Function Roles”, and head over to the Role tab.

5. In this tab, select “Reader” and then “Next”.

6. You will be moved to the “Members” page, to add members to the assignment.

7. Click “+ Select Members” and enter the application name created in step 1 - “Rezonate”. You will see the application in the right-side menu, click it and then click “Select”.

8. You should now see the application in the Members box. Click “Review + Assign” to finish the process.

9. You should now see the application is assigned the “Reader” role, listed in the “Role assignments” screen.

10. Head over to the overview screen of the subscription to find the ID.

11. Please copy and bring back the following items:

    1. Subscription ID numbers to cover.

    2. Tenant ID.