Connect this data source on your own, using the Hunters platform.
Overview
Microsoft Azure Entra ID (Azure AD) is a cloud-based identity and access management service that helps organizations manage access to applications, devices, and data. It provides a single identity platform for employees, customers, and partners to access various applications and services, both in the Microsoft cloud and on-premises.
Azure AD provides information about domain users and their properties, including person-related information.
Supported data types
Azure AD Users
Table name: azure_active_directory_users
Activities and events related to user accounts and their interactions within the Azure environment. These logs are vital for auditing, monitoring security incidents, analyzing usage patterns, and ensuring compliance with regulatory standards.
Azure AD Identity Protection
Table name: azure_ad_identity_protection
Risk detection reports provided by Microsoft. Azure AD Identity Protection generates logs that contain detailed information about detected risks, risk events, and risk remediation activities. These logs are crucial for organizations to understand the security posture of their identities and take proactive measures to protect against identity theft and compromise.
Send data to Hunters
To connect Microsoft Azure AD you’ll need to perform the following steps:
STEP 1: Register Your Application
🚧 Before you start
Make sure you are performing this process with an Azure admin user. A Privileged Identity Management user is not enough.
Make sure Identity Protection is enabled on your Azure environment. Learn how.
On the Azure portal home screen, open the side menu and click Azure Entra ID.
Now, from the side menu click Manage > App registration.
The App registration menu opens. From the upper menu, click New registration.
The Register an application window opens. Under the Name field, enter a descriptive name.
Under the Redirect URI section, select Web platform and paste <http://localhost:5110> in the URL field.
Click Register.
The application window opens. From the side menu, click API permissions.
The Request API permissions panel opens. Click Add a permission.
Scroll down to locate the Microsoft Graph tile and click on it.
Perform the following steps for both Delegated permissions AND Application permissions:
For Azure AD Users: the user.read and user.read.all permissions.
For Azure AD Identity Protection: the IdentityRiskEvent.Read.All permission.
Add these permissions.
Click Grant admin consent for the directory.
🚧 NOTE
Make sure you've granted the IdentityRiskEvent.Read.All permission, and not IdentityRiskyUser.
STEP 2: Retrieve the required information
From the side menu, click Certificates & secrets.
Click New client secret to open the client secret panel.
In the Description field, enter a descriptive title.
From the Expires dropdown list, select 24 months.
Click Add to add the secret.
The secret now appears under the Client secrets list. Copy the Value and save it for later use.
❗️IMPORTANT
After a while, the client secret value will be hidden from view and you will not be able to retrieve it again.
On Azure Entra ID, from the application window, click Overview from the side menu.
Locate the Application (client) ID and the Directory (tenant) ID values, copy them, and save them for later use.
STEP 3: Enter information on Hunters
Finally, to provide Hunters with the required keys, follow this guide. Make sure to provide the following details:
Tenant ID
Client ID
Client Secret
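Before handing the three values to Hunters, it is worth confirming that the registration actually works: that the client secret is valid, that admin consent was granted, and that the permission picked was IdentityRiskEvent.Read.All rather than IdentityRiskyUser. The script below is an added example, not code from Hunters or from Microsoft's documentation. It requests an app-only token with the client-credentials grant, inspects the token's roles claim (where Microsoft Graph lists the application permissions consented for the app), and then makes one read-only call per supported data type against the public Graph endpoints /v1.0/users and /v1.0/identityProtection/riskDetections. The environment variable names AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET are an assumption of this example; make_sample_token builds a constructed, unsigned token so the claim checks can be exercised offline.

```python
import base64
import json
import os
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"
# Application permissions the guide asks for; Graph places the consented
# application permissions of an app-only token in its "roles" claim.
REQUIRED_ROLES = ("User.Read.All", "IdentityRiskEvent.Read.All")
# One read-only probe per supported data type (chosen for this example).
PROBES = {
    "azure_active_directory_users": "/v1.0/users?$top=1",
    "azure_ad_identity_protection": "/v1.0/identityProtection/riskDetections?$top=1",
}


def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request for the registered app."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{GRAPH}/.default",  # .default = every consented application permission
        "grant_type": "client_credentials",
    })
    return url, body


def jwt_claims(token):
    """Decode the payload of a token we just obtained ourselves.
    No signature check is needed here: we only inspect it, we never accept it from a caller."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(claims, required=REQUIRED_ROLES):
    """Required application permissions absent from the token: admin consent not granted,
    or the wrong permission added (e.g. IdentityRiskyUser instead of IdentityRiskEvent)."""
    granted = {r.lower() for r in claims.get("roles", [])}
    return sorted(r for r in required if r.lower() not in granted)


def make_sample_token(claims):
    """Constructed, unsigned JWT used only to test jwt_claims/missing_roles offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}."


def live_check(tenant_id, client_id, client_secret):
    """Fetch a token and probe both Graph endpoints.
    Returns (missing application permissions, {table name: HTTP status})."""
    url, body = token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body.encode(), method="POST")
    with urllib.request.urlopen(req) as resp:
        token = json.load(resp)["access_token"]
    statuses = {}
    for table, path in PROBES.items():
        req = urllib.request.Request(GRAPH + path, headers={"Authorization": f"Bearer {token}"})
        try:
            with urllib.request.urlopen(req) as resp:
                statuses[table] = resp.status
        except urllib.error.HTTPError as err:  # 403 here means consent or permission is wrong
            statuses[table] = err.code
    return missing_roles(jwt_claims(token)), statuses


if __name__ == "__main__":
    # Read the values from the environment so the client secret never lands in shell history.
    creds = [os.environ.get(k) for k in ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")]
    if all(creds):
        missing, statuses = live_check(*creds)
        print("missing application permissions:", missing or "none")
        for table, status in statuses.items():
            print(f"{table}: HTTP {status}")
```

A token whose roles claim lacks IdentityRiskEvent.Read.All, or an HTTP 403 on the riskDetections probe while the users probe returns 200, is the symptom of the mistake the NOTE in Step 1 warns about; a failed token request usually means the secret value was copied incorrectly or has expired.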