Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel7

CyberCNS features Azure AD Integration out-of-the-box Azure AD Integration support. Simply enter your Azure AD credentials and get the Azure AD statistics to help you analyze your the network.

  • Azure AD Legacy supports DAP whereas the new Azure AD integration supports GDAP as well.

  • With Azure AD Legacy we have automatic application creation which uses write API’s.

Azure AD Legacy

Select Integration

Info
  • In the case of Non-CSP, an office 365 user with global permissions has to be used. 

  • In the case of CSP, a ​partner center user having global admin permissions should be used. ​

  • ​This screen will likely to change as we add are adding more and more integrations.

  1. Navigate to Global Settings(⚙) > Integrations and choose Azure AD Legacy from the integrations listed here.

    Image Removed

...

  • It will lead

...

  • to add credentials for your Azure AD Legacy Instance. Provide details as requested.

Enter Azure AD Legacy Credentials

  1. Click on + to add Azure AD Legacy credentials.

    Image Removed
  2. Choose a name for the credentials and Save.

    Image Removed

...

  • On clicking the Save option

...

  • , the redirection to sign in to

...

  • Microsoft account is done.

...

  • Once the login is successful, the Azure AD Credentials will be stored successfully. It is possible to add multiple credentials.

...

  • A user having a Global Administrator role is required to be added.

Image Removed

...

Company Mapping

Info

If a company has already integrated Azure AD with any tenant, then when the same company is integrated with new Azure AD, the old integration mapping for this company is removed.

  1. The next step is to map local companies in CyberCNS to Azure AD companies corresponding to the selected Azure AD credentials.

  2. In New Company Mapping, choose the Azure AD Credential of your choice from the dropdown and click on +Add to map the company.

    Image Removed

    One of these two options could be selected 🔸 Import Companies from Azure AD:- To import multiple companies at a time.

    🔹

...

Map Existing Company to

...

an Azure AD company:- To map an existing company to the Azure AD company

...

.

...

  1. Multiple companies can be added in the user interface.

  2. Now click on Finish to import all the selected Azure AD companies.

  3. As shown in the below image, select the Existing company and Azure AD company by using a dropdown or with the search bar as per the requirement.

    Image RemovedImage Removed
  4. Once the company is selected click on ‘+' to select the company and Multiple companies can be added to the user interface.

  5. Now click on Finish to map import all the selected Azure AD companies.

    Image RemovedImage Removed

...

  • There is an option to Delete the integration mapping using the Action column. Any company mapping can be deleted if needed.

...

Info
  • When Azure AD credentials and Company Mapping are added, the two tabs Azure Active Directory and Microsoft Secure Score will be enabled

...

  • under the

...

  • Company view> Company that have the mapping.

  • Please wait for up to 2 hours post successful Azure AD integration to get the data under Azure Active Directory and Microsoft Secure Score section.

Azure Active Directory

...

  • At the Company Level, Navigate to Azure Active Directory to get the details

...

  • such as Active Directory Users, Active Directory

...

  • Computers, Active Directory Role Assignments, Active Directory Groups, and Active Directory Audit Logs.

...

  1. In Azure Active Directory User Data will get , the details of User Principal Name, Display Name, Given Name, Account Enabled, and Created Date Time.

    Image Removed

    In the Assigned Roles, MFA Enable status, Other Mails, Password Policies & User Created On date & time are seen.

...

2. In the Azure AD Computers section, the details like Asset Name, Host Name/IP, AD OS, OS Version, Distinguished Name, and Intune Managed status are seen.

...

3. In the Azure Active Directory Groups,

...

the details

...

like Display Name, Mail, Group Types, Is Mail Enabled, Proxy Addresses, Resource Behavior Options, Security Enabled

...

status & Security Identifier

...

are seen.

...

4. In Azure Active Directory License, the details like License Friendly Name, SKU Part Number, Active Units, Consumed Units, Warning Units & Suspended Units are seen.

...

5. In Azure Active Directory Roles, the details like Display Name, User Count, Description of the role & Role template ID are seen.

...

6. In Azure Active Directory Logs, the details like Activity Display Name, Category of the activity, Result, Result Reason, Logged by Service, Correlation id, Activity Initiated by User & Initiated from IP are seen.

...

Microsoft Secure Score

Microsoft Secure Score is a numerical summary of your security posture based on system configurations, user behavior, and other security-related measurements; it is not an absolute measurement of how likely your system or data will be breached.

Prerequisite

  • Microsoft Office 365 Admin or Security Admin

...

  • Privileges.

  • MS Secure Score tab, in which will get the has details such as Microsoft secure score, User Count, Enabled Services, Average Comparative Scores, and Score Breakdown.

...

  • In the depicted below image using the search filter option ((blue star)) can search the Score Breakdown based on the requirement.

...

...

CSP

Info

For CSP account, Please follow the steps for Azure AD integration with MS Azure portal and verify once.

Step 1: Login Log in to Microsoft partner center -> go to the Customer List -> Select the customer whose data is not loading in CyberCNS.
Step 2:Click on Azure Active Directory for the particular customer which will redirect to the Microsoft Azure portal.

Step 3: Login  Log in to http://portal.azure.com  using using your credentials provided in CyberCNS integration.
Step 4: Search for Azure Active Directory & navigate Enterprise Application, Select the CyberCNS application from the enterprise application.
Step 5: Choose Permissions and click Grant admin consent for all customers. You will be prompted to enter the credentials please use the same credentials that you have added with CyberCNS.

Once you enter the credentials, it will register the application with Microsoft. On successful registration, it will populate the data to the CyberCNS portal under the company you have mapped it. It takes approx 15 mins to get registered with Microsoft.

...

Non-CSP

Info

Non CSP account, Please follow below steps for Azure AD integration.

Step 1: Make sure the credentials used for integration have global admin permissions.
Step 2: In the same CyberCNS browser window, please login log in to the Azure portal in the adjacent tab.

Step 3: In Cybercns' Azure AD integration, click on "Save." It will prompt you to enter the credentials , and make sure you select the consent checkbox before accepting.

...

Step 1: Make sure the credentials used for integration have global admin permissions.
Step 2: In the same CyberCNS browser window, please login log in to the Azure portal in the adjacent tab.

Step 3: From the main menu, select Azure Active Directory ---> Enterprise Application. Search for the CyberCNS application, and application properties, and Delete the application.

Step 4: In the CyberCNS portal Azure AD integration, click on "Save." It will prompt you to enter the credentials , and make sure you select the consent checkbox before accepting.

Step 5: Please wait for 10 to 15 minutes after the consent. Microsoft takes time to approve the application. After the approval, the data should be populated in the CyberCNS portal.

Troubleshooting

Troubleshooting Case 1: No data

While signing in to your Microsoft account, Permission to be is granted by enabling the checkbox “Consent on behalf of your organization”.

CSP Users

  1. For CSP user users follow the below steps to troubleshoot the issue

    1. Replace the customerid with Azure tenent tenant ID in the below URL

    2. https://login.microsoftonline.com/{customerid}/v2.0/adminconsent?client_id=41347456-8f58-4bee-9a3a-0f5708b7212f&scope=offline_access%20Organization.Read.All%20User.Read%20AccessReview.ReadWrite.All%20email%20Reports.Read.All%20SecurityEvents.Read.All%20Directory.AccessAsUser.All%20Directory.ReadWrite.All%20openid%20profile%20User.ReadWrite.All%20Group.ReadWrite.All%20SecurityEvents.ReadWrite.All%20AuditLog.Read.All&redirect_uri=https://authccns.mycybercns.com&state=12345 Login login with your customer administrator account and accept all the steps wait for some time to see populated data.

Non-CSP Users

For Non-CSP

...

users follow the below steps to troubleshoot the issue

  1. If the consent has not enabled the checkbox before sign in to your Microsoft Account, follow the steps below

    1. login to Microsoft Azure portal https://portal.azure.com

    2. Click on Enterprise Applications -> Search for your Tenent in the overview

      Image Modified
    3. In the Enterprise Applications, Click on All Applications → Click on CyberCNS Application

      Image Modified
    4. After clicking on CyberCNS click on Properties

      → Delete the application

      .

      Image Modified
  2. Navigate to Global Settings(⚙) > Integrations and choose Azure AD from the integrations listed here.

    Image Modified
  3. It will lead you to add credentials for your Azure AD Instance. Provide details as requested. Enter Azure AD Credentials

  4. Click on + to add Azure AD credentials.

    Image Removed

  5. Choose a name for the credentials and Save.

    Image Removed

...

  • On clicking the Save option is clicked,

...

  • User are redirected to sign in to

...

  • Microsoft account.

    Image ModifiedImage Modified
  • Once the login is successful, the Azure AD Credentials will be stored. It is possible to add multiple credentials.

...

  • user need to log on with a user having a Global Administrator role.

...

  • If data is not populated check in the Microsoft Azure portal in CyberCNS permissions, the type of permissions to be granted for an Admin account or User account

...

  • . Click on “Grant admin consent”.

...

  • Click on “Accept“ permission

...

  • Once the Permission request is accepted user will get the message as “Grant admin consent for CyberCNS-Admin consent was successfully added” as shown below and the user will get redirected to the CyberCNS page.

...

  • Login to CyberCNS and follow the below steps to map the company.

  • As shown in the below image, select the Existing company and Azure AD company by using a dropdown or with the search bar as per the requirement.

...

  • Once the company is selected click on ‘+' to select the company and click on Finish to map all the selected Azure AD companies.

...

Troubleshooting Case 2: Azure Token expired

Info
  • Azure token will expire every 90 days. So Azure AD data sync will error out. Please follow below steps to get it reset.

  1. Navigate to Global Settings(⚙) > Integrations and choose Azure AD from the integrations listed here.

...

  • It will lead

...

  • to add credentials for your Azure AD Instance. Provide details as requested.

  • Enter Azure AD Credentials

  1. Click on + to add Azure AD credentials.

    Image Removed
  2. Choose a name for the credentials and Save.

    Image Removed

...

  • On clicking the Save option is clicked,

...

  • user will be redirected to sign in to

...

  • Microsoft account.

...

  • Once the login is successful, the Azure AD Credentials will be stored. It is possible to add multiple credentials. You need to log on with a user having a Global Administrator role.

...

  • This completes Azure AD Integration.

Troubleshooting Case 3: Azure AD scan failure

Once the scan is initiated, the User can check in the jobs sections → Azure Active Directory Jobs.

Since the user will not have the privilege to access, If the AD scan is failed for CSP and Non-CSP users, Follow the steps below

CSP Users

  1. For CSP users follow the below steps to troubleshoot the issue

    1. Replace the customerid with Azure tenant ID in the below URL

    2. https://login.microsoftonline.com/{customerid}/v2.0/adminconsent?client_id=41347456-8f58-4bee-9a3a-0f5708b7212f&scope=offline_access%20Organization.Read.All%20User.Read%20AccessReview.ReadWrite.All%20email%20Reports.Read.All%20SecurityEvents.Read.All%20Directory.AccessAsUser.All%20Directory.ReadWrite.All%20openid%20profile%20User.ReadWrite.All%20Group.ReadWrite.All%20SecurityEvents.ReadWrite.All%20AuditLog.Read.All&redirect_uri=https://authccns.mycybercns.com&state=12345 login with your customer administrator account and accept all the steps wait for some time to see populated data.

    3. Even after enabling consent for all the users, If the consent is not enabled for the customer:

Login to Microsoft account using customer tenant global admin credentials and accept the consent.

Non CSP Users

  1. For Non-CSP users follow the below steps to troubleshoot the issue

    1. If the consent has not enabled the checkbox before sign in to your Microsoft Account, follow the steps below

    2. login to Microsoft Azure portal https://portal.azure.com

    3. Click on Enterprise Applications -> Search for your Tenent in the overview

      Image Added
    4. In the Enterprise Applications, Click on All Applications → Click on CyberCNS Application

      Image Added
    5. After clicking on CyberCNS click on Properties.

      Image Added
    6. Navigate to Global Settings(⚙) > Integrations and choose Azure AD from the integrations listed here.

      Image Added
    7. It will lead you to add credentials for your Azure AD Instance. Provide details as requested. Enter Azure AD Credentials

    8. Click on + to add Azure AD credentials.

    9. Choose a name for the credentials and Save.

      Image Added
    10. On clicking the Save option is clicked, Users are redirected to sign in to the Microsoft account.

      Image Added
    11. Image Added

      Once the login is successful, the Azure AD Credentials will be stored. It is possible to add multiple credentials. user needs to log on with a user having a Global Administrator role.

    12. If data is not populated check in the Microsoft Azure portal in CyberCNS permissions, the type of permissions to be granted for an Admin account or User account. Click on “Grant admin consent”.

      Image Added
    13. Click on “Accept“ permission

      Image Added
    14. Once the Permission request is accepted user will get the message as “Grant admin consent for CyberCNS-Admin consent was successfully added” as shown below and the user will get redirected to the CyberCNS page.

      Image Added
    15. Login to CyberCNS and follow the below steps to map the company

    16. As shown in the below image, select the Existing company and Azure AD company by using a dropdown or with the search bar as per the requirement.

      Image Added
    17. Once the company is selected click on ‘+' to select the company and click on Finish to map all the selected Azure AD companies.

      Image Added
    18. Even after enabling consent for all the users, If the consent is not enabled for the customer:

Login to Microsoft account using customer tenant global admin credentials and accept the consent.