Creating apps in Entra ID for Microsoft connectors

The Neurons Platform includes a variety of connectors for retrieving data from your Microsoft database sources. Before setting up these connectors in Neurons, you need to register each one as an app in the Entra ID section of your Azure portal with the necessary permissions and credentials. (Entra ID was formerly Azure AD.)

This extra step is mandatory for the following connectors (whether they are run in the cloud or using an on-premises connector server):

Entra ID
Intune
Microsoft 365
Defender for Endpoint (MDE) – Requires its own procedure (see below).

Important notes:

To better facilitate troubleshooting, create a new app for each connector you plan on using.
When adding permissions for each app, ensure Grant admin consent is selected for each permission.
If you add or change permissions for the app after initial registration, the Microsoft Application Key will not be updated and will need to be generated again. Make sure to update the connector with the new secret after changing permissions.
If there is user data already in Neurons from another source and you import user data from Entra ID, Neurons will reconcile the records using the user’s email so that you do not have duplicate user records.

To create an app for the Entra ID, Intune, or Microsoft 365 connector

Repeat this procedure for each connector (Entra ID, Intune, or Microsoft 365) that you want to set up in Neurons.

1.Sign in to the Azure portal and select Microsoft Entra ID.

2.In the left navigation pane, click App registrations.

3.At the top of the page, click New registration.

4.On the Register an application page, enter a name for this app, select the appropriate account type, and click Register to create the application. No redirect URI is needed.

5.On the Overview page for your new app, click View API permissions.

6.Click Add a permission.

7.Click Microsoft Graph.

8.In the right pane under Request API permissions, click Application permissions (not Delegated permissions).

9.Add the following API permissions for the connector and ensure Grant admin consent is selected (so that each permission displays with a green checkmark).

Entra ID:

•Application.Read.All

•Auditlog.Read.All

•Device.Read.All

•DeviceManagementServiceConfig.Read.All

•DeviceManagementServiceConfig.ReadWrite.All

•Directory.Read.All

•Directory.ReadWrite.All

•Reports.Read.All

•User.Export.All

•User.Read

•User.Read.All

•User.ReadWrite.All

•To receive purchase order identifier data: DeviceManagementServiceConfig.Read.All

•To use group filters (device and user) in Neurons: Group.Read.All

Intune:

•Device.Read.All

•Device.ManagementApps.Read.All

•DeviceManagementManagedDevices.Read.All

•Directory.Read.All

•User.Read.All

•To use scope tag filters in Neurons:

•DeviceManagementConfiguration.Read

•DeviceManagementRBAC.Read.All

•To perform actions and queries in Neurons:

•DeviceManagementManagedDevices.ReadWrite.All

•Directory.ReadWrite.All

•User.ReadWrite.All

You will also need to fill in the Action credentials fields for this connector in the Neurons console.

Microsoft 365:

•Directory.Read.All

•Organization.Read.All

•Reports.Read.All

•User.Read

10.Click Add permissions.

11.In the left navigation pane, click Certificates & secrets.

12.Click New client secret.

13.Enter a description and timeline, then click Add. Copy and paste the secret into Notepad. You will need this secret when setting up the connector in Neurons.

14.In the left navigation pane, click Overview. Copy and paste the Application (client) ID and Directory (tenant) ID into Notepad. You will need these IDs when setting up the connector in Neurons.

You are now ready to set up the same connector(s) in Neurons. For details, see Microsoft Entra ID connector, Microsoft Intune connector, or Microsoft 365 connector.