Microsoft EntraID

Configure the Microsoft EntraID connector to retrieve users, authentication methods, and directory data

This document describes the procedure to configure the Microsoft EntraID connector for retrieving user, authentication, and directory information.

Note

The EntraID and Intune connectors share the same Microsoft app registration. If you configure both, you only need to register the application once.

What You'll Get

Completing this procedure gives you the values the connector needs:

  • Tenant ID: Your organization's unique identifier
  • Application (client) ID: The app registration identifier
  • Client Secret: Authentication credential for API access

Prerequisites

  • Global Administrator access to Microsoft Entra ID

Configuration Steps

Step 1: Register the Application

  1. Go to the Microsoft Entra admin center with a Global Administrator account
  2. Navigate to Entra ID > App registrations
  3. Click + New registration
  4. Fill in the registration form:
    • Name: OverView Access
    • Supported account types: Select Accounts in this organizational directory only
    • Click Register

  5. Save the IDs displayed on the Overview page:
    • Application (client) ID
    • Directory (tenant) ID


Step 2: Create Client Secret

  1. In your app registration, go to Manage > Certificates & secrets
  2. Under Client secrets, click + New client secret
  3. Configure the secret:
    • Description: OverView Access Secret
    • Expires: Choose an appropriate duration (recommended: 24 months)
    • Click Add
  4. ⚠️ Important: Copy the Value immediately—it will only be shown once

Step 3: Configure API Permissions

  1. Go to Manage > API permissions
  2. Click + Add a permission
  3. Select Microsoft Graph > Application permissions
  4. Add the following permissions:
    User & Authentication:
    • User.Read.All
    • UserAuthenticationMethod.Read.All

    Device Management:
    • Device.Read.All
    • DeviceManagementApps.Read.All
    • DeviceManagementConfiguration.Read.All
    • DeviceManagementManagedDevices.Read.All
    • DeviceManagementServiceConfig.Read.All

    Directory & Audit:
    • Directory.Read.All
    • Domain.Read.All
    • AuditLog.Read.All
  5. Click Add permissions after adding all the permissions above
  6. Click Grant admin consent for Your Organization and confirm by clicking Yes
  7. Verify that all permissions show status Granted for Your Organization with a green checkmark

Summary

You should now have:

  • ✅ Application (client) ID
  • ✅ Directory (tenant) ID
  • ✅ Client secret value
  • ✅ API permissions granted

Configuration Details

When configuring the OverSOC EntraID connector, the default URLs are:

  • Token URL: https://login.microsoftonline.com/
  • API URL: https://graph.microsoft.com/v1.0/

If your environment requires different URLs (e.g., sovereign clouds), specify them during connector configuration.
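
To confirm the registration from Steps 1 to 3 before handing the values to the connector, the following added example (not OverSOC or Microsoft code) requests an app-only token with the client credentials grant and compares its granted permissions against the Step 3 list, reporting anything missing and anything granted beyond it. It assumes the Graph access token is a JWT whose `roles` claim lists the granted application permissions and whose `tid` claim is the tenant ID; `make_sample_token` builds a constructed, unsigned token for offline use.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions listed in Step 3 of this page.
REQUIRED_ROLES = {
    "User.Read.All", "UserAuthenticationMethod.Read.All",
    "Device.Read.All", "DeviceManagementApps.Read.All",
    "DeviceManagementConfiguration.Read.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementServiceConfig.Read.All",
    "Directory.Read.All", "Domain.Read.All", "AuditLog.Read.All",
}

def request_token(tenant_id, client_id, client_secret,
                  token_url="https://login.microsoftonline.com/"):
    """Client credentials grant against the v2.0 token endpoint (needs network)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"{token_url.rstrip('/')}/{tenant_id}/oauth2/v2.0/token"
    req = urllib.request.Request(url, data=body)  # data present, so this is a POST
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(access_token, expected_tenant=None):
    """Return (missing, extra) permissions relative to Step 3; check the tenant."""
    claims = token_claims(access_token)
    if expected_tenant and claims.get("tid") != expected_tenant:
        raise ValueError("token was issued by a different tenant")
    granted = set(claims.get("roles", []))
    return sorted(REQUIRED_ROLES - granted), sorted(granted - REQUIRED_ROLES)

def make_sample_token(roles, tid="00000000-0000-0000-0000-000000000000"):
    """Constructed, unsigned token so the audit can be exercised offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'tid': tid, 'roles': roles})}.sig"
```

Against a live tenant, call `audit_roles(request_token(tenant_id, client_id, client_secret), tenant_id)`; a non-empty `missing` list usually means admin consent was not granted, and a non-empty `extra` list means the shared app registration holds more than this page asks for.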