# Microsoft Entra Instructions

> Instructions on how to onboard a Microsoft Entra Integration

## Microsoft Entra

To integrate with Microsoft Entra, users will have to authorize Leen's Microsoft Entra app, which is an OAuth2 app.
This will allow Leen to access the appropriate Microsoft Entra resources in the organization's account.
Leen takes care of the OAuth2 code-flow and access token management, so you don't have to worry about it.

## Required Permissions

The Leen Microsoft Entra app requires the following permissions:

* **User.Read.All**: Read user profiles
* **Group.Read.All**: Read group information
* **Application.Read.All**: Read application information
* **IdentityRiskyUser.Read.All**: Read identity risk information
* **IdentityRiskEvent.Read.All**: Read identity risk events
* **Policy.Read.All**: Read organization policies (for policy management features)
* **Policy.Read.Authentication**: Read authentication policies

## Onboarding

Follow the steps below to onboard your environment to our Microsoft Entra app.

<Steps>
  <Step title="Create Microsoft Entra Connection">
    With your Leen API Key and your Customer's Org ID, make an API request to create a new Microsoft Entra Connection.
    More information can be found on the [API Reference page.](/api-reference/provisioning/add-new-connection)

    <Accordion title="Example POST body and response">
      ```json theme={null}
      {
        "vendor": "MS_ENTRA"
      }
      ```

      The response will look like this:

      ```json theme={null}
      {
        "id": "c54de187-df62-4e95-b10f-0ab53b095d9d",
        "vendor": "MS_ENTRA",
        "refresh_interval_secs": 14400,
        "timeout_secs": 1800,
        "organization_id": "fbd8b095-3c39-4137-9478-c32308444202",
        "oauth2_authorize_url": "https://login.microsoftonline.com/common/adminconsent?....."
      }
      ```
    </Accordion>
  </Step>

  <Step title="Granting permission to Leen app for Microsoft Entra">
    Open the `oauth2_authorize_url` from the previous step in a new tab.
    This will prompt the admin user to authorize Leen's Microsoft Entra app to access their Microsoft Entra resources.

    <img src="https://mintcdn.com/leen/vQ2Rhs44KY1LGMJC/images/ms_defender/entra_permission_grant.png?fit=max&auto=format&n=vQ2Rhs44KY1LGMJC&q=85&s=1dd2b7ceea10d73d739b18c34ecf5e27" alt="Microsoft Entra-auth" width="444" height="664" data-path="images/ms_defender/entra_permission_grant.png" />

    After a successful authorization, the user is redirected to Leen.

    <img src="https://mintcdn.com/leen/vQ2Rhs44KY1LGMJC/images/ms_defender/successful_connection.png?fit=max&auto=format&n=vQ2Rhs44KY1LGMJC&q=85&s=61fd0c0fa6dd3807fdd50d4dd4c2178e" alt="Microsoft Entra-auth-success" width="1072" height="1236" data-path="images/ms_defender/successful_connection.png" />
  </Step>

  <Step title="Pull Data">
    Now that the user has authorized the app, you can pull data from Microsoft Entra using the `connection_id` (the `id` returned in the first step).
    More information can be found on the [API Reference page.](/api-reference/idp/get-issues)
  </Step>
</Steps>
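
The following is an added example, not part of Leen's documentation or API: a pre-flight check you can run on the connection response before forwarding `oauth2_authorize_url` to a tenant admin, plus a post-consent audit of the granted permissions against the list under Required Permissions. The function names, the `client_id=PLACEHOLDER` query string, and the way the granted list is obtained (for example, exported from the tenant's enterprise application permissions view) are assumptions.

```python
from urllib.parse import urlsplit

# Permissions listed under "Required Permissions" on this page.
DOCUMENTED_PERMISSIONS = frozenset({
    "User.Read.All", "Group.Read.All", "Application.Read.All",
    "IdentityRiskyUser.Read.All", "IdentityRiskEvent.Read.All",
    "Policy.Read.All", "Policy.Read.Authentication",
})
EXPECTED_HOST = "login.microsoftonline.com"  # host shown in the sample response


def check_consent_url(connection: dict) -> list[str]:
    """Return a list of problems with the connection's oauth2_authorize_url."""
    problems = []
    if connection.get("vendor") != "MS_ENTRA":
        problems.append("vendor is not MS_ENTRA")
    url = urlsplit(connection.get("oauth2_authorize_url", ""))
    if url.scheme != "https":
        problems.append("consent URL is not https")
    # hostname excludes userinfo, so "login.microsoftonline.com@other" fails here
    if url.hostname != EXPECTED_HOST:
        problems.append(f"unexpected host: {url.hostname!r}")
    if url.username or url.password:
        problems.append("consent URL carries userinfo")
    if not url.path.rstrip("/").endswith("/adminconsent"):
        problems.append(f"unexpected path: {url.path!r}")
    return problems


def audit_granted(granted: list[str]) -> dict:
    """Compare what the tenant granted with the documented permission list."""
    granted_set = set(granted)
    return {
        "missing": sorted(DOCUMENTED_PERMISSIONS - granted_set),
        "unexpected": sorted(granted_set - DOCUMENTED_PERMISSIONS),
    }


# Constructed sample inputs (hypothetical values, not real Leen output).
BASE = "https://login.microsoftonline.com/common/adminconsent?client_id=PLACEHOLDER"
sample = {"vendor": "MS_ENTRA", "oauth2_authorize_url": BASE}
lookalike = dict(sample, oauth2_authorize_url=BASE.replace("//", "//login.microsoftonline.com@consent.example/x/", 1))

if __name__ == "__main__":
    print(check_consent_url(sample))
    print(check_consent_url(lookalike))
    print(audit_granted(["User.Read.All", "Directory.ReadWrite.All"]))
```

An empty list from `check_consent_url` means the link is safe to forward; any entry under `unexpected` in the audit means the tenant has granted more than the read-only set this page documents.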
