Help Center
Go back to application
Help Center
Go back to application
Setting up your integration for MS Secure ScoreSetting up your integration for Tenable.io
Getting Started
Creating your Cyber Security Posture
Assessments
How to create an assessmentsCompleting an assessment
Settings
Team & Collaboration SetupMulti-factor Authentication (MFA)

Setting up your integration for MS Secure Score

Overview

In order for CyberSystem to access your Microsoft Secure Score, you will need to set up application credentials within MS365. 

Broadly speaking these are the steps that you will need to follow, however please refer to Microsoft's own documentation as this process may change from time to time. You will find the relevant links in the sections below. 

What does CyberSystem need?

There are three pieces of information that CyberSystem needs to successfully integrate your Microsoft Secure Score into your organisation:

  1. Application (client) ID
  2. Directory (tenant) ID
  3. Credentials

To obtain this information, you will need to setup an Entra ID App Registration. 

Note, a Tenant name is also needed, however this is a reference only and does not need to match any information within Entra itself.  

Setup an Entra ID App Registration

Microsoft's documentation: Register an application in Microsoft Entra ID

Finding your Application and Directory ID's

Once you have completed the registration, you will be able to find your Application (client) ID, Directory (tenant) ID within the App registrations screen:

Creating credentials 

Depending on how you would like to setup the integration, or what your organisation's policies for external integrations may be, you are able to choose between two main credential types. Each have slightly different setup paths within Entra and can be seen in the Microsoft documentation below:

  1. Use a client secret
  2. Use a certificate (recommended)

When using a certificate, there are a number of options:

  • Generate the certificate within CyberSystem
    You will need to copy or upload the certificate and key into Entra, prior to testing the connection
  • Generate the certificate within Entra (or more accurately, Azure Key Vault) 
    You will need to copy or upload the certificate and key into CyberSystem, prior to testing the connection
  • Generate the certificate yourself, or through another certificate issuer
    You will need to copy or upload the certificate and key into both Entra and CyberSystem, prior to testing the connection

  

Where do the keys go?

When creating a new Microsoft Secure Score integration from the Settings > Integration page within CS, you will first be presented with a form in which to copy your Application and Directory ID's into:

Once completed, you will be asked what type of authentication you would like to use - Certification or Client Secret. Depending on which, you will be directed to where you can upload or paste you certificate/key or secret. 

 

 

 

Was this article helpful?

Powered by Product Fruits