Microsoft 365

Modified on Wed, 06 Mar 2024 at 11:49 AM

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we'll get it updated.


Overview

This guide describes the steps required to configure a Microsoft 365 (M365) telemetry integration in Samurai XDR.


To create this Integration you will need to perform actions in Microsoft Azure/Entra followed by configuration in Samurai XDR:


Microsoft App Registration

  1. Create an App Registration for the credentials to use when configuring the integration in Samurai XDR

  2. Set Permissions for the App Registration

  3. Create a Secret key for authentication

Samurai XDR → Telemetry Integration

  • Create a new Samurai XDR Telemetry Integration for Microsoft 365, providing the credentials configured above.


Microsoft App Registration

Navigate to either the Azure portal (https://portal.azure.com/) or the Entra (https://entra.microsoft.com/) Admin Center, and sign in with administrator-level credentials.


If you have access to multiple tenants, ensure that the correct tenant is selected from the Directories + subscriptions menu in Settings:



If you signed in through the Azure Portal, select Microsoft Entra ID from the main menu:



Create an App Registration

From this point onwards the menu options are the same for both the Azure and Entra portals. Select App Registrations from the main menu:

Azure


Entra


Select New registration:


Enter a Name for the App Registration and click Register:

Record the Application (client) ID and Directory (tenant) ID for later use, then select either of the options for accessing API permissions:


Set Permissions

The App Registration needs access to the necessary elements of the Microsoft Graph API in order to surface alerts within Samurai XDR. Add the following permission:

  • SecurityAlert.Read.All


To do this, first click Add a permission:

Select Microsoft Graph:


Then select Application Permissions, enter SecurityAlert.Read.All into the search box, and ensure that the checkbox beside this permission is checked. Click Add permission:


If a warning is visible in the Status column, a higher-level administrator (site owner) will need to log in to accept the permission:

Create a Secret

Select Certificates & secrets from the menu:

Select Client secrets and click New client secret:

Provide a descriptive name for the secret, and an expiration date in line with your organization’s policy, then click Add:


The new Secret will be displayed. Copy the Value of the secret for use in the Samurai XDR configuration in the upcoming steps:

Configure the Integration in Samurai XDR

To create a new Microsoft 365 integration you will need the following information:

  • A name for your new integration. This will be displayed on the Telemetry → Integrations screen.

  • An optional description for your integration. This can be useful if you connect multiple products or instances of the same product.

  • The App Registration credentials previously generated in Microsoft Azure:

    • Application (client) ID

    • Directory (tenant) ID

    • Client secret Value.
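
Before entering these values in Samurai XDR, you can check independently that the App Registration carries the SecurityAlert.Read.All permission and nothing more. The Python below is an added example, not code from Samurai XDR or Microsoft. The function names are hypothetical and the GUIDs and sample tokens are constructed. It assumes the app-only Graph token is a JWT with `tid`, `appid` or `azp`, and `roles` claims.

```python
import base64, json, urllib.parse, urllib.request

REQUIRED_ROLE = "SecurityAlert.Read.All"  # the permission this guide grants

def build_token_request(tenant_id, client_id, client_secret):
    """OAuth 2.0 client-credentials request for a Microsoft Graph app-only token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")

def decode_claims(access_token):
    """Read the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(access_token, tenant_id, client_id):
    """Return a list of findings; an empty list means the token matches the guide."""
    claims = decode_claims(access_token)
    roles = set(claims.get("roles", []))
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("token issued by a different tenant")
    if client_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("token issued to a different application")
    if REQUIRED_ROLE not in roles:
        findings.append(f"{REQUIRED_ROLE} missing: permission not added or admin consent not granted")
    for extra in sorted(roles - {REQUIRED_ROLE}):
        findings.append(f"excess permission: {extra}")
    return findings

def make_sample_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tid = "11111111-1111-1111-1111-111111111111"  # constructed tenant ID
    cid = "22222222-2222-2222-2222-222222222222"  # constructed client ID
    good = make_sample_token({"tid": tid, "appid": cid, "roles": [REQUIRED_ROLE]})
    wide = make_sample_token({"tid": tid, "appid": cid, "roles": ["Mail.Read", REQUIRED_ROLE]})
    print(audit_token(good, tid, cid))
    print(audit_token(wide, tid, cid))
```

To run the check against a real tenant, send the request from `build_token_request` with `urllib.request.urlopen` and pass the `access_token` field of the JSON response to `audit_token`.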


Sign in to Samurai XDR and select Telemetry → Integrations from the main menu:


Click on the Create button:


Select Microsoft 365 from the available Integrations:


Provide the details recorded during your App Registration setup:


Click Test and Samurai XDR will reach out to Microsoft 365 to validate the credentials provided:


When the Test has passed, the Finish button is enabled. Click it to save your new Integration. Samurai XDR will redirect you to the Telemetry Integrations screen, where the new Integration will be visible:


For general information on Integrations refer to the Integrations article.