Azure AD Integration
How Azure AD Integration Works

You can integrate computers joined to Azure AD with DefensX. Make sure that the DefensX Connector application in Azure is granted for the customer's Azure domain. The DefensX Azure Connector application requires the following permissions:
All of the required permissions listed above are read-only; the DefensX application does not require any permission that has write access. The first two permissions are required for logging in to our cloud backend interface interactively, so those two permissions run on behalf of the user who is trying to log in to our backend. The third permission (Read directory data) is used to get a user's group membership information without user interaction. It is important to have this permission in order to create users automatically in the DefensX cloud backend with the correct group membership information.

Granting Permissions for DefensX Connector

You will find a "Grant Permissions" button on the "Settings → Azure AD & Active Directory" page, like below.
Selecting Correct User For Giving Permissions

After clicking the "Grant Permissions" button, you'll be asked which Azure account you want to use. At this stage it is important to select the correct Azure account, one that has the right to grant application consents. After authenticating with the correct account, you'll see a permissions page like the following:

When you click the "Accept" button, the DefensX Connector application will be granted for your domain.

Testing Granted Application

In this step, you should see a screen similar to this on the "Settings → Azure AD & Active Directory" page. Your Azure AD tenant ID must be displayed and the button must be green. You can check the integration by clicking the "Test Permissions" button.
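To check the read-only claim independently after consent, the grants recorded on the connector's service principal can be audited. The following is an added example, not DefensX code: it assumes the grants were exported as JSON from Microsoft Graph (`oauth2PermissionGrants` and `appRoleAssignments` for the service principal, plus the resource's `appRoles`), and the permission names and IDs in the sample data are constructed, not DefensX's actual list.

```python
OIDC_SCOPES = {"openid", "profile", "email"}  # sign-in claims, no write access

def is_read_only(permission):
    """Conservative check on Graph-style names such as Directory.Read.All."""
    if permission in OIDC_SCOPES:
        return True
    parts = permission.split(".")
    return len(parts) >= 2 and parts[1] in ("Read", "ReadBasic")

def audit_grants(delegated_grants, app_role_assignments, resource_app_roles):
    """Split grants into delegated/application and flag anything not read-only."""
    role_names = {role["id"]: role["value"] for role in resource_app_roles}
    # Delegated permissions act on behalf of the signed-in user.
    delegated = sorted({s for g in delegated_grants for s in g["scope"].split()})
    # Application permissions work without a user; resolve role IDs to names.
    application = sorted(
        role_names.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
        for a in app_role_assignments
    )
    flagged = [p for p in delegated + application if not is_read_only(p)]
    return {"delegated": delegated, "application": application, "flagged": flagged}

# Constructed sample data (hypothetical IDs and permission names).
READ_ROLE = "00000000-0000-0000-0000-000000000001"
WRITE_ROLE = "00000000-0000-0000-0000-000000000002"
SAMPLE_APP_ROLES = [
    {"id": READ_ROLE, "value": "Directory.Read.All"},
    {"id": WRITE_ROLE, "value": "Directory.ReadWrite.All"},
]
SAMPLE_DELEGATED = [{"consentType": "AllPrincipals", "scope": "openid User.Read"}]
SAMPLE_ASSIGNMENTS = [{"appRoleId": READ_ROLE}]

if __name__ == "__main__":
    report = audit_grants(SAMPLE_DELEGATED, SAMPLE_ASSIGNMENTS, SAMPLE_APP_ROLES)
    print(report)
```

An empty `flagged` list means every recorded grant is read-only; any entry there, including an unresolved role ID, warrants review before relying on the integration.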
Sync Azure AD Groups

Although it is not required to sync your groups in Azure AD (they will be fetched automatically when users log in to their devices with the DefensX Agent installed), you may want to fetch your Azure AD groups for:
To do this, just go to the "User Groups" page and click on the "Sync Azure Groups" button.