Azure AD Integration

Grant Trend Micro permission to access your Azure AD data for use in Trend Micro Vision One apps.

The Azure AD screen (Workflow and Automation > Third-Party Integration) provides an overview of Trend Micro Vision One apps that can access Azure AD data or trigger policy enforcement actions in Azure AD. Each app or group of apps is associated with a set of permissions that must be enabled within Azure AD to facilitate integration with Trend Micro Vision One.

Granting permissions: Unless otherwise specified, permissions are granted automatically by clicking Grant permissions, signing in to Azure AD with an administrator account, and clicking Accept.

To sync user lists and group memberships, click the sync icon. The sync affects all associated apps for the tenant.

Note:

The status indicator icons show whether the granted permissions are full or partial. For more details about additional required permissions, hover over the tooltip icon for each associated app.

Important:

If you no longer want to integrate Azure AD with a previously associated app or group of apps, click Block permissions. Blocking permissions disconnects Azure AD from the app but does not delete or revoke the permissions in Azure AD.

For more information, see Blocking Azure AD Permissions.
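Because Block permissions leaves the grants in place in Azure AD, it is worth confirming what the application's service principal still holds. The following Python is an added example (not Trend Micro code): it takes records exported from Microsoft Graph and lists the application permissions, delegated grants and directory roles still assigned to one service principal. The function name, all IDs and the sample permissions are constructed for illustration.

```python
# Added example. Field names follow Microsoft Graph v1.0 resources
# (appRoleAssignment, oAuth2PermissionGrant, unifiedRoleAssignment).
# Every ID and permission below is constructed sample data, not a list of
# what Trend Micro Vision One actually requests.

SP_ID = "00000000-0000-0000-0000-0000000000aa"  # hypothetical service principal

APP_ROLE_ASSIGNMENTS = [  # from GET /servicePrincipals/{id}/appRoleAssignments
    {"principalId": SP_ID, "resourceDisplayName": "Microsoft Graph",
     "appRoleId": "00000000-0000-0000-0000-000000000001"},
]
OAUTH2_GRANTS = [  # from GET /oauth2PermissionGrants
    {"clientId": SP_ID, "consentType": "AllPrincipals", "scope": "User.Read openid"},
    {"clientId": "00000000-0000-0000-0000-0000000000bb",
     "consentType": "AllPrincipals", "scope": "Mail.Read"},
]
ROLE_ASSIGNMENTS = [  # from GET /roleManagement/directory/roleAssignments
    {"principalId": SP_ID, "roleDefinitionId": "00000000-0000-0000-0000-000000000002"},
]
NAMES = {  # constructed id -> display name lookups
    "00000000-0000-0000-0000-000000000001": "User.Read.All",
    "00000000-0000-0000-0000-000000000002": "Password Administrator",
}

def residual_access(sp_id, app_roles, grants, roles, names):
    """List everything a service principal still holds in the tenant."""
    found = []
    for a in app_roles:
        if a["principalId"] == sp_id:
            perm = names.get(a["appRoleId"], a["appRoleId"])
            found.append(("application", f'{a["resourceDisplayName"]}/{perm}'))
    for g in grants:
        if g["clientId"] == sp_id:
            # Delegated scopes are stored as one space-separated string.
            for scope in g["scope"].split():
                found.append(("delegated", f'{scope} ({g["consentType"]})'))
    for r in roles:
        if r["principalId"] == sp_id:
            role = names.get(r["roleDefinitionId"], r["roleDefinitionId"])
            found.append(("directory role", role))
    return found

if __name__ == "__main__":
    for kind, detail in residual_access(SP_ID, APP_ROLE_ASSIGNMENTS, OAUTH2_GRANTS,
                                        ROLE_ASSIGNMENTS, NAMES):
        print(f"still granted: {kind:15} {detail}")
```

An empty result for the service principal means nothing remains to revoke; any entry returned is access that persists in Azure AD after the app was blocked in Trend Micro Vision One.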

The following table describes the information and actions available on the Azure AD screen.

Associated Apps

Description

Mobile Security

Grant Mobile Security access to Azure AD data to enable end users to authenticate with Azure AD during mobile device enrollment.

To enable, click Grant permissions and follow the onscreen instructions.

For more information, see Azure Active Directory Integration.

Search

Grant Search permission to access Azure AD to perform policy enforcement actions, such as disabling user accounts and forcing password reset, through the Response Management app.

To enable, click Grant permissions and follow the onscreen instructions.

For more information, see Response Actions.

Important:

To perform the Force Password Reset Task, the Trend Micro Vision One application in Microsoft Azure AD must be assigned the password administrator role.

Risk Insights

Grant Risk Insights permission to access your Azure AD data to gain deeper insight regarding the apps and devices your users access, and the behaviors that contribute to users' risk analysis.

To enable, on the Data source for risk analysis screen in Risk Insights, click Azure AD and follow the onscreen instructions.

For more information, see Configuring the Data Source for Risk Analysis.

Zero Trust Secure Access

Grant Zero Trust Secure Access permission to access data and perform actions in Azure AD to analyze risk events and suspicious user activity, and perform policy enforcement actions, such as disabling user accounts and forcing password reset.

To start collecting data, click Grant permissions and follow the onscreen instructions.

Important:
  • Before Zero Trust Secure Access can use the collected data, go to the Identity and Access Management screen, enable Data upload or Policy enforcement, and follow the onscreen instructions.

  • To perform the Force Password Reset Task, the Trend Micro Vision One application in Microsoft Azure AD must be assigned the password administrator role.

For more information, see Supported IAM Systems and Required Permissions.

Note:

If you see an error message in the "Status" column, such as "Permission error" or "Application disabled in Azure AD", refer to Troubleshooting Azure AD Connections.