Prerequisites
Please confirm that the tenant and its users have at least Azure AD P1 licensing, which Huntress needs in order to access the Microsoft APIs. This licensing is included in Microsoft 365 Business Premium; however, we recommend verifying your licensing.
Please verify that the tenant has audit logging enabled. If it does not, do the following 24 hours before attempting onboarding:
Within the tenant:
- Navigate to https://compliance.microsoft.com
- Left-hand menu, Solutions > Audit
- If blue "Enable Audit Logging" is present, click to enable.
Please note that Audit Logging enablement may take 24 hours to complete. This is a Microsoft restriction; in practice, however, we have typically seen it complete within an hour.
Please verify that you do not have Security Defaults enabled in your Azure tenant by doing the following:
- Go to Azure Active Directory > Properties
- Click the Manage security defaults link at the bottom
When disabling Security Defaults, please read this article to implement the enforced security policies as individual Conditional Access policies alongside the Huntress Conditional Access Policy below. Otherwise, you will weaken your security posture in Azure.
In the Tenant's AzureAD
- As an Administrator...
  - Create a new dedicated Service Account, for example, HuntressAdmin@domain.tld.
  - This account must be a Global Administrator, at least for the App Installation step.
  - HuntressAdmin@domain.tld must use Microsoft Multi-Factor Authentication, either via Conditional Access or Per-User MFA.
    - Other MFA providers, e.g., Duo, will not work. Microsoft Documentation.
  - Create a new Conditional Access Policy, for example, Huntress Conditional Access Policy
    - Assignments > Users > Include > Select users and groups ... HuntressAdmin@domain.tld
    - Target Resources > Cloud apps or actions > Select "All cloud apps"
    - Grant > Grant access ... Require multifactor authentication
    - Enable policy ... On
  - Edit each pre-existing Conditional Access Policy with State `On`
    - Assignments > Users > Exclude > Users and groups ... HuntressAdmin@domain.tld
  - Navigate to the User Details view for HuntressAdmin@domain.tld
    - In the left-hand menu
      - Managed > Assigned Roles
        - Global Administrator (This role may be removed after enrollment, but the admin account needs to remain in place)
        - Application administrator
        - Privileged authentication administrator
        - Security administrator
        - Exchange administrator
        - Authentication policy administrator
        - Intune administrator
        - User administrator
        - Teams administrator
        - Cloud application administrator
        - Conditional access administrator
Please allow 30-60 minutes after creating the Huntress Service account before proceeding with the integration. It can take Microsoft a little time to assign all permissions to the newly created account. Integration prior to the permissions propagating will lead to an integration error.
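The following script is an added example, not part of the Huntress article, that checks the service-account prerequisites above with the Microsoft Graph PowerShell SDK: Security Defaults off, the listed roles assigned, an enabled Conditional Access policy requiring MFA for the account, and every other enabled policy excluding it. It assumes the Microsoft.Graph module is installed, that you sign in as an account permitted to read policies and directory roles, and that the UPN is replaced with your own service account.

```powershell
# Added example (not from the Huntress article). Placeholder UPN: replace it.
$ServiceAccountUpn = 'HuntressAdmin@domain.tld'

# Policy.Read.All covers CA policies and the Security Defaults policy;
# Directory.Read.All covers the user's role memberships.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Directory.Read.All'

$user = Get-MgUser -UserId $ServiceAccountUpn
$problems = @()

# 1. Security Defaults must be off, or Conditional Access cannot apply.
$sd = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($sd.IsEnabled) { $problems += 'Security Defaults are still enabled.' }

# 2. The account must hold every role the article lists. memberOf only shows
#    active, directly assigned roles (not PIM-eligible or group-based ones).
$requiredRoles = @(
    'Global Administrator', 'Application Administrator',
    'Privileged Authentication Administrator', 'Security Administrator',
    'Exchange Administrator', 'Authentication Policy Administrator',
    'Intune Administrator', 'User Administrator', 'Teams Administrator',
    'Cloud Application Administrator', 'Conditional Access Administrator'
)
$heldRoles = Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
    ForEach-Object { $_.AdditionalProperties['displayName'] }
foreach ($role in $requiredRoles) {
    if ($heldRoles -notcontains $role) { $problems += "Missing role: $role" }
}

# 3. An enabled policy must require MFA for this account, and every other
#    enabled policy must exclude it (otherwise the integration can be blocked).
$policies = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.State -eq 'enabled' }
$mfaPolicies = $policies | Where-Object {
    $_.Conditions.Users.IncludeUsers -contains $user.Id -and
    $_.GrantControls.BuiltInControls -contains 'mfa'
}
if (-not $mfaPolicies) { $problems += 'No enabled policy requires MFA for the service account.' }
foreach ($p in ($policies | Where-Object { $mfaPolicies.Id -notcontains $_.Id })) {
    if ($p.Conditions.Users.ExcludeUsers -notcontains $user.Id) {
        $problems += "Policy '$($p.DisplayName)' does not exclude the service account."
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'All prerequisite checks passed.' }
```

Run it 30-60 minutes after creating the account, since newly assigned roles may not be visible to Graph immediately.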
Activating the Microsoft 365 integration
[CRITICAL] At a minimum, an Incognito/Private browsing session with no extensions is required.
Due to ongoing browser changes, we recommend using a fresh, dedicated browser container (e.g., a Firefox container) that has never signed in to another tenant.
- Add the Microsoft 365 integration, if necessary
- Select "Add Tenant Manually"
- Choose the Huntress Organization to map the Microsoft 365 Tenant to.