Skip to main content
All CollectionsOnboarding and Configuration Guides
Onboarding Guide - Microsoft AD
Onboarding Guide - Microsoft AD
Gal Nakash avatar
Written by Gal Nakash
Updated over 2 weeks ago

Prerequisites

  1. The user performing the integration must have the Global Reader role assigned

  2. A Reco user with Admin Role

  3. Audit Logging in O365 Enabled

    1. Go to: https://compliance.microsoft.com/auditlogsearch

    2. Click on "Start recording user and admin activity"

Integrate MSFT Active Directory with Reco

  1. Login to the Reco Platform

  2. Click on "Configurations" and then "Integrations"

  3. Locate the "Microsoft AD" object, and click on "Add Integration"

  4. You will be redirected to a consent page, Click on "Accept"

  5. If the integration was successful, the Microsoft AD Integration status will become "Active"

  6. click on "Configure"

  7. Choose the required start date for data ingestion, and click on "Start Extraction"

What do we ingest exactly?

Metadata only!

Source

Required Scope

Documentation

MSFT_USER_API

Directory.Read.All

Link

MSFT_USER_MEMBER_OF_API

Directory.Read.All

Link

MSFT_GROUPS_API

Directory.Read.All

Link

MSFT_GROUP_OWNERS_API

Directory.Read.All

Link

MSFT_GROUP_MEMBERS_API

Directory.Read.All

Link

MSFT_USER_REGISTRATION_DETAILS_API

AuditLog.Read.All

Link

MSFT_SECURE_SCORE_API

SecurityEvents.Read.All

Link

MSFT_SECURE_SCORE_CONTROL_PROFILES_API

SecurityEvents.Read.All

Link

MSFT_DOMAINS_API

Directory.Read.All

Link

MSFT_DIRECTORY_AUDIT_API

AuditLog.Read.All

Link

MSFT_OWNERS_API

Directory.Read.All

Link

Did this answer your question?