Managed Security Awareness Initial Setup - Step 1

Updated Jan 31, 2024

Enroll users in MA using Microsoft Entra ID or Microsoft 365 Active Directory

You can enroll users in the MA program using Microsoft Entra ID (formerly Azure AD)® or Microsoft 365 Active Directory®.

Requirements

Steps

  1. Register your Arctic Wolf integration.
  2. Assign permissions to your Arctic Wolf integration.
  3. Generate a client secret for your MA integration.
  4. Obtain the ID values for your MA integration.
  5. Identify existing groups for MA users.
  6. Integrate your Entra ID or Microsoft 365 Active Directory credentials with MA.
  7. Test your connection and synchronize the credential changes in Entra or Microsoft 365 Active Directory with MA.
  8. Verify that intended users are active in the MA Portal.

Step 1: Register your Arctic Wolf integration

  1. Sign in to the Microsoft Entra admin center (formerly Azure AD).

  2. If you are using:

    • Microsoft Entra ID (formerly Azure AD) — In the navigation menu, in the Admin centers section, click Identity.
    • Microsoft 365 — Click Apps > Admin > Show all > Identity > Applications > App registrations.

    Tip: You can also access this from the Microsoft Admin Console.

  3. In the navigation menu, click Identity > Applications > App registrations.

  4. Click + New registration.

  5. On the Register an application page, configure these settings:

    • Name — Enter the name that you want displayed for your application. For example, Arctic Wolf Managed Security Awareness Integration.
    • Supported account types — Select Accounts in this organizational directory only (Single tenant).

      Note: Multi-tenancy is not supported.

  6. Click Register.

    The Overview page for the newly registered application opens.

Step 2: Assign permissions to your Arctic Wolf integration

  1. In the navigation menu, in the Manage section, click API permissions.

  2. Click + Add a permission.

  3. Click Microsoft Graph.

  4. Click Application permissions.

    Note: Do not click Delegated permissions. This does not provide the API permissions required for MA setup, so it will cause an insufficient permissions error message.

  5. In the Select permissions search bar, enter Directory.Read.All, expand Directory, and then select the Directory.Read.All checkbox.

  6. In the Select permissions search bar, enter User.Read.All, expand User, and then select the User.Read.All checkbox.

  7. Click Add permissions.

  8. In the Configured permissions section, click Grant admin consent for <company_name>.

  9. On the Grant admin consent confirmation dialog, click Yes.

    Your Microsoft Graph permissions should now list Directory.Read.All and User.Read.All as Application permissions, with admin consent granted.

Step 3: Generate a client secret for your MA integration

  1. In the navigation menu, click Manage > Certificates & secrets.

  2. Click the Client secrets tab.

  3. Click + New client secret.

  4. On the Add a client secret page, configure these settings:

    • Description — Enter a description for the client secret. For example, Arctic Wolf Secret.
    • Expires — Select 730 days (24 months).
  5. Click Add.

    Your new client secret appears on the Client secrets tab.

  6. In the Value column, click Copy to clipboard to copy the client secret, and then save it in a safe, encrypted location.

    Notes:

    • The client secret value is time-sensitive. It is only viewable during the application registration, so it must be saved now.
    • Do not share the client secret with anyone outside of authorized personnel.
    • If Arctic Wolf requires a copy of the client secret, we will provide you with a secure transfer link. For example, Egnyte.

Step 4: Obtain the ID values for your MA integration

  1. In the navigation menu, click Overview.
  2. For these fields, copy their associated values and save them in a safe, encrypted location:
    • Application (client) ID
    • Directory (tenant) ID
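
Added example, not part of the Arctic Wolf procedure: a Python check that an exported app registration matches Steps 1 to 3 (single tenant, the two Graph permissions as Application type, a client secret that is not near expiry). It assumes the registration is saved as JSON in the shape Microsoft Graph returns for an application object; SAMPLE and its placeholder GUID are constructed, and audit_registration is a hypothetical helper name.

```python
from datetime import datetime, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource appId
REQUIRED = {  # app role IDs of the Application permissions added in Step 2
    "7ab1d382-f21e-4acd-a863-ba3e13f7da61": "Directory.Read.All",
    "df021288-bdef-4463-88db-98f22de89214": "User.Read.All",
}

def parse_utc(ts):
    # Graph timestamps are UTC; ignore fractional seconds and the trailing Z.
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_registration(app, now, warn_days=60):
    """Return findings for an exported application object (hypothetical helper)."""
    # requiredResourceAccess lists requested permissions only; admin consent
    # (Step 2, items 8 and 9) is recorded elsewhere and is not checked here.
    findings, granted = [], set()
    if app.get("signInAudience") != "AzureADMyOrg":  # value for single tenant
        findings.append("not single tenant: " + str(app.get("signInAudience")))
    for res in app.get("requiredResourceAccess", []):
        on_graph = res.get("resourceAppId") == GRAPH
        for acc in res.get("resourceAccess", []):
            if on_graph and acc["id"] in REQUIRED and acc["type"] == "Role":
                granted.add(acc["id"])
            elif acc["type"] == "Scope":  # Scope = Delegated, Role = Application
                findings.append("delegated permission requested: " + acc["id"])
            else:
                findings.append("unexpected permission: " + acc["id"])
    for rid, name in REQUIRED.items():
        if rid not in granted:
            findings.append("missing application permission: " + name)
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret")
    for s in secrets:
        days = (parse_utc(s["endDateTime"]) - now).days
        if days < 0:
            findings.append("secret expired: " + str(s.get("displayName")))
        elif days <= warn_days:
            findings.append("secret %s expires in %d days" % (s.get("displayName"), days))
    return findings

# Constructed sample: one permission added as Delegated by mistake, secret near expiry.
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
        {"id": "11111111-2222-3333-4444-555555555555", "type": "Scope"}]}],
    "passwordCredentials": [{"displayName": "Arctic Wolf Secret", "endDateTime": "2026-01-30T00:00:00Z"}],
}
```

An empty result means the export matches the settings in Steps 1 to 3; the sample above returns three findings.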

Step 5: Identify existing groups for MA users

The MA program uses an AD group to assign sessions to users.

Note: Arctic Wolf cannot sync more than one group.

  1. In the navigation menu, click Identity > Groups > All groups.
  2. Determine if you have an existing group for MA users:
    • If you have an existing group — Confirm this information about your AD group, and then proceed to the next step.

      • Make sure your AD group contains the users that you want to include in the MA program. A user is defined as a single licensed user associated with one email account.
      • Make sure your AD group includes all MA admins as active users.
      • If you select an existing group, make sure the group does not contain non-human users. For example, fax machines, copy machines, conference rooms, or distribution email groups.
      • Make sure your AD group is a Microsoft 365 or Security group. You cannot use a distribution list or mail-enabled security group.
    • If you do not have an existing group:

      1. Click + New group.
      2. On the New Group page, configure these settings:
        • Group type — Select Security.

          Note: You can also use a Microsoft 365 group.

        • Group name — Enter an easily identifiable name for the AD group. For example, Arctic Wolf Managed Security Awareness, AW MSA, or AW Managed Awareness.
        • Members — Click No members selected, and then select users to add to your AD group.
      3. Click Create.
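
Added example, not part of the Arctic Wolf procedure: a Python pre-check of the Step 5 group rules (supported group type, licensed human users only, all MA admins present) that also yields the member list to compare with the count recorded in Step 7. It assumes the group and its members are exported as JSON in the shape Microsoft Graph returns; the name hints, sample data, and function names are constructed for illustration.

```python
# Heuristic substrings for the non-human accounts named in Step 5 (assumption).
NON_HUMAN_HINTS = ("fax", "copier", "printer", "scanner", "room", "conf", "noreply")

def group_kind(group):
    """Classify a Graph group object into the group types named in Step 5."""
    if "Unified" in group.get("groupTypes", []):
        return "microsoft365"
    sec, mail = group.get("securityEnabled"), group.get("mailEnabled")
    if sec and not mail:
        return "security"
    return "mail-enabled security" if sec else "distribution list"

def review_group(group, members, admin_upns):
    """Return (eligible_upns, issues) for the group chosen for MA (hypothetical helper)."""
    issues, eligible = [], []
    kind = group_kind(group)
    if kind not in ("security", "microsoft365"):
        issues.append("unsupported group type: " + kind)
    for m in members:
        if m.get("@odata.type") != "#microsoft.graph.user":
            issues.append("not a user object: " + str(m.get("displayName")))
            continue
        upn = m.get("userPrincipalName", "")
        if not m.get("assignedLicenses"):
            issues.append("unlicensed: " + upn)
        elif any(h in upn.lower() for h in NON_HUMAN_HINTS):
            issues.append("possible non-human account: " + upn)
        else:
            eligible.append(upn)
    for admin in admin_upns:
        if admin not in eligible:
            issues.append("MA admin not in group: " + admin)
    return eligible, issues

# Constructed sample data (example.com addresses and SKU placeholders are not real).
GROUP = {"displayName": "AW MSA", "groupTypes": [], "securityEnabled": True, "mailEnabled": False}
LIC = [{"skuId": "constructed-sku"}]
MEMBERS = [
    {"@odata.type": "#microsoft.graph.user", "userPrincipalName": "alice@example.com", "assignedLicenses": LIC},
    {"@odata.type": "#microsoft.graph.user", "userPrincipalName": "confroom2@example.com", "assignedLicenses": LIC},
    {"@odata.type": "#microsoft.graph.user", "userPrincipalName": "bob@example.com", "assignedLicenses": []},
    {"@odata.type": "#microsoft.graph.group", "displayName": "Sales DL"},
]
```
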

Step 6: Integrate your Entra ID or Microsoft 365 Active Directory credentials with MA

  1. In a new browser tab, sign in to the MA Portal.
  2. Click Settings > User Management.
  3. In the New Integration section, in the Integration Type list, select Microsoft Entra ID.
  4. In the Integration Nickname field, enter a name for the integration.
  5. Configure these settings:

Step 7: Test your connection and synchronize the credential changes in Entra or Microsoft 365 Active Directory with MA

  1. Click Test Connection, and then do one of these actions:

    • If the "Connection Successful" message appears, click Acknowledge, and then click Save Credentials.
    • If errors persist, see Troubleshooting for more information.
  2. In the Awareness Group section, in the Select a group list, select the AD group that you created for MA.

  3. Click Query Group.

    Note: Record the AD Group name and the total number of users. You will use this number later to make sure the intended users are active in the MA Portal.

  4. Click Save Integration.

  5. On the User Integration page, in the Saved Credentials section, click Sync Now.

    Active users are pushed to the MA Portal.

  6. If you receive an error message similar to “You are trying to access a page that is restricted,” verify in the Entra ID admin portal that you are a member of the AD Group that you selected for user synchronization. If you are a member and still receive an error message, submit a ticket in the Arctic Wolf Unified Portal.

Step 8: Verify that intended users are active in the MA Portal

  1. Click Administration Dashboard.
  2. Click the User Information tab.
  3. Make sure the number of entries at the bottom of the user table matches the total number of users you recorded earlier.

Next steps