Data Integration Guide - Microsoft O365/Graph

For Microsoft's documentation on this process, please see this link.

To grant access you will need to register a new “Application” in Azure Active Directory
Grant the appropriate permissions to the newly created application
Generate a client secret that the Unify platform can use to access the API.
Enter the generated values into the Microsoft Graph Client Unify integration page:

⚠️ Please ensure that all permissions granted for the API credentials are set as Application Level Permissions.

If your organization subscribes to the following policies/services, please ensure these

providers are configured to send alerts to the graph API:

API	Access Level
Graph Security	SecurityAlert.Read.All
Graph Security	SecurityEvents.Read.All
Azure AD	User.Read.All
Intune	DeviceManagementApps.Read.All
	DeviceManagementConfiguration.Read.All
	DeviceManagementManagedDevices.Read.All
	DeviceManagementServiceConfig.Read.All
	Device.Read.All
Privileged Identity Monitoring	PrivilegedAccess.Read.AzureAD
	PrivilegedAccess.Read.AzureADGroup
Attack Simulation	AttackSimulation.Read.All
Sign-Ins	AuditLog.Read.All
Service Usage Reports	Reports.Read.All
Additional Security Events	Policy.Read.ConditionalAccess

the Microsoft Graph Security API. Only the users in both Microsoft Defender for

Endpoint and Microsoft Graph Security API roles can have access to the Microsoft

Defender for Endpoint data. Because application-only authentication is not limited by

this, we recommend that you use an application-only authentication token.

** Microsoft Defender for Identity alerts are available via the Microsoft Cloud App

Security integration. This means you will get Microsoft Defender for Identity alerts

only if you have joined Unified SecOps and connected Microsoft Defender for Identity

⚠️ Required Information

The values Living Security will need to access the API are: