Microsoft Entra ID Protection assists organizations in identifying, investigating, and addressing identity-based risks. These risks can be integrated with tools like Conditional Access to inform access decisions, or they can be sent to a security information and event management (SIEM) system for additional investigation and correlation.
Overview
The integration retrieves risk events generated by Microsoft's Entra ID Protection package through the Microsoft Graph API. These events are then forwarded to the Human Risk Platform, which associates each event with a specific user and updates that user's identity component within the attack factor.
- Please note that historical events will not be retrieved from Entra ID Protection; only events from the moment of integration onward will be processed. This approach simplifies onboarding, ensuring that we do not alter any historical attack factor scores that the admin may have already reviewed.
- This integration can be accessed from the Human Risk Command Center, which is available to all Mimecast Email Security Cloud Gateway customers.
Prerequisites
- You must have a Mimecast Engage license.
- You must have a Microsoft Entra ID P2 license or better.
To configure the Microsoft Entra ID Protection integration with the Human Risk Platform, you must have one of the following roles:
- Global Sys Admin
- Sys Admin - SD Full
- Super Administrator
- Full Administrator
- Basic Administrator
- Partner Administrator
- Custom role with Integrations Marketplace having Read/Write enabled.
These roles are required to add, edit, or delete the integration configuration in the Integrations Hub.
Benefits
- The integration retrieves risk events generated by Microsoft’s Entra ID Protection package through the Mimecast API.
- It integrates with security platforms, such as Mimecast’s Human Risk Platform, providing security analysts with better visibility into identity-related attacks and enabling organizations to proactively respond to threats.
- Detects risks early, allowing customers to swiftly investigate any potential compromises.
- Exposes the threats and risks that your organization is currently facing.
Integration
To integrate Mimecast with Microsoft Entra ID Protection:
- Log in to the Mimecast Administration Console.
- Navigate to Integrations | Integrations Hub.
- Find the Microsoft Entra ID Protection tile displayed in the integrations section.
- Click on the Configure New button to start creating a new integration.
- Fill out the integration creation form by providing an Application name and Description
- Click on the Authorize button, which will redirect you to the Microsoft login page
- Use your credentials for Microsoft Entra ID to log in and provide the necessary consent.
- After logging in, validate the credentials and Accept the consent request.
- Wait for the integration instance to be created and receive a success message.
- Initially, the integration status may be Unavailable. Refresh the page to see the status change to Connected.
- You can edit the integration to change the description or delete it using the available options.
Entra ID Protection Events
- Navigate to the Human Risk Command Center to verify that events from Microsoft Entra ID are flowing into the system.
- Events are categorized under Identity, and they do not contribute to the Human Risk Score at the individual or organization level.
score. - Access the risk analysis page to see how events are categorized and scored.
- Check individual user profiles to see how identity events impact their attack factor.
- Click on specific events to view additional details such as email ID, username, and other relevant information.
Comments
Please sign in to leave a comment.