
Azure AD Integration

How Azure AD Integration Works

You can integrate computers joined to Azure AD with DefensX. To do so, make sure that the DefensX Connector application in Azure has been granted for the customer’s Azure domain.

The DefensX Azure Connector application requires the following permissions:

  1. Sign in and read user profile

  2. Read group memberships of a user

  3. Read directory data

All of the required permissions listed above are read-only; the DefensX application does not require any permission that has write access. The first two permissions are required for logging in to our cloud backend interface interactively, so those two permissions run on behalf of the user who is trying to log in to our backend.

The third permission (Read directory data) is used to get a user’s group membership information without user interaction. This permission is needed to create users automatically in the DefensX cloud backend with the correct group membership information.
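
To confirm that the connector holds only the read-only permissions described above, the following added example (not part of the DefensX documentation or product) audits the grant records that Microsoft Graph returns for the connector's service principal. The scope names User.Read, GroupMember.Read.All and Directory.Read.All are assumed from the display names listed on this page, and the sample data and GUIDs are constructed.

```python
# Added example, not DefensX code. Scope names are ASSUMED from the display
# names listed on this page; adjust them to what your consent screen shows.
EXPECTED = {
    "delegated": {"User.Read", "GroupMember.Read.All"},  # run on behalf of the user
    "application": {"Directory.Read.All"},               # no user interaction
}
WRITE_MARKERS = ("Write", "Manage", "FullControl", "AccessAsUser")

def classify(kind, permission):
    """Return None if the permission is expected, else a reason string."""
    if permission in EXPECTED[kind]:
        return None
    if any(marker in permission for marker in WRITE_MARKERS):
        return "write-capable"
    return "not documented"

def audit_connector(delegated_grants, app_role_assignments, resource_app_roles):
    """Return sorted (kind, permission, reason) findings for the connector.

    delegated_grants     -- items of the service principal's oauth2PermissionGrants
    app_role_assignments -- items of the service principal's appRoleAssignments
    resource_app_roles   -- `appRoles` of the resource service principal,
                            used to resolve appRoleId GUIDs to names
    """
    role_names = {role["id"]: role["value"] for role in resource_app_roles}
    granted = set()
    for grant in delegated_grants:
        # `scope` is a single space-delimited string
        granted.update(("delegated", s) for s in grant.get("scope", "").split())
    for assignment in app_role_assignments:
        role_id = assignment["appRoleId"]
        granted.add(("application", role_names.get(role_id, "unresolved:" + role_id)))
    findings = []
    for kind, permission in sorted(granted):
        reason = classify(kind, permission)
        if reason:
            findings.append((kind, permission, reason))
    return findings

# Constructed sample data (GUIDs are placeholders, not real role IDs).
ROLES = [{"id": "00000000-0000-0000-0000-000000000001", "value": "Directory.Read.All"},
         {"id": "00000000-0000-0000-0000-000000000002", "value": "Group.ReadWrite.All"}]
AS_DOCUMENTED = ([{"consentType": "AllPrincipals", "scope": "User.Read GroupMember.Read.All"}],
                 [{"appRoleId": ROLES[0]["id"]}])
DRIFTED = ([{"consentType": "AllPrincipals", "scope": "User.Read Directory.ReadWrite.All"}],
           [{"appRoleId": ROLES[0]["id"]}, {"appRoleId": ROLES[1]["id"]}])

if __name__ == "__main__":
    print(audit_connector(*AS_DOCUMENTED, ROLES))
    print(audit_connector(*DRIFTED, ROLES))
```

An empty result means the grants match the three documented permissions; any finding is a grant to review before relying on the read-only claim.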

Granting Permissions for DefensX Connector

You will find a "Grant Permissions" button on the "Settings → Azure AD & Active Directory" page.

Important
You must have the necessary admin rights to grant permissions to applications in Azure AD.

Selecting Correct User For Giving Permissions

After clicking the "Grant Permissions" button, you’ll be asked which Azure account you want to use. At this stage, it is important to select the correct Azure account, one which has the right to grant application consents.


After authenticating with the correct account, you’ll see a permissions page.


When you click the "Accept" button, the DefensX Connector application will be granted for your domain.

Testing Granted Application

In this step, check the "Settings → Azure AD & Active Directory" page. Your Azure AD tenant ID must be displayed and the button must be green.


You can check the integration by clicking the "Test Permissions" button.

Caution
Please note that after granting permissions for the DefensX Connector application for the first time, you may need to wait 10 to 60 seconds for the changes to take effect in Azure AD.

Sync Azure AD Groups

Although it is not required to sync your groups in Azure AD (they will be fetched automatically when users log in to their devices with the DefensX Agent installed), you may want to fetch your Azure AD groups in order to:

  • Verify that the Azure AD connector is working correctly and successfully fetching the user groups.

  • Populate the DefensX backend with the correct groups without waiting for an end user to log in, so that you can create policies in DefensX and link them to user groups.

To do this, go to the "User Groups" page and click the "Sync Azure Groups" button.


Changing the Primary Domain

If you have changed your primary domain in Azure and started encountering permission errors from the DefensX Connector, follow the steps below to re-establish permissions between the Connector and Azure AD:

  • Log in to the DefensX Backend and navigate to Settings → Azure AD & Active Directory.

  • Click the Remove Grant button to remove the existing permissions in DefensX.

  • Log in to your Azure portal and go to Entra ID → Enterprise Applications.

  • Search for DefensX in the list of applications, then click on its name.

  • Under Manage → Properties, click Delete to remove the previous DefensX Connector application from your tenant.

  • Wait about 30 seconds, then follow the steps in Granting Permissions for DefensX Connector to reapply the permissions.
