Get the customer to give you MS account global admin on their tenant
Nessus doc's don't quite match up to MS interface as MS interface is changing all the time:
https://docs.tenable.com/integrations/Microsoft/Azure/Content/ConfigureAzureComplianceAudit.htm?Highlight=microsoft%20365
Log into portal.azure.com (azure.microsoft.com)
Setup on OTP portal and update boost
Log into the customer tenant
Copy tenant ID from Home -> MS entra ID > overview into a notepad
Click on active directory (entra ID triangle icon)
Manage > App registrations on the left
Click the + New App registration button
Client credentials -> Add a certificate or secret
+ New client secret
Give name
Set expire
Copy value and secret ID *** IMPORTANT it will disappear and you will have to start again
ID looks like 7777701d-xxxx-yyyy-zzzz-6b6a1c969999 (don't think you need this but record anyway)
secret value is the secret key which we will need later (record everything so you have it)
Get the app ID from the app registrations and search Nessus
put them in a safe notepad with tenant ID (will need later)
To find the app reg again
Click app registrations, all applications and search your app reg name "Nessus"
Home -> Entra ID -> customer -> Roles and admins -> all roles ->
Search Global Reader *** wasn't there for some license levels***
Right click and go to description page (or 3 dots on end)
Go to Assignments on the left
+ Add assignments
Add to NessusScan app reg
Create new app
Get app ids + keys
Create a new client secret
You need to save the secret when it appears as it only displays once
Microsoft Graph *** old ***
Home -> Microsoft Entra ID > App Registrations > Your Application > API Permissions
Permissions -> applications -> read all (reader role)
Expand all and tick Read.All
In Nessus scan app > API Permissions
Add permission > Microsoft Graph > Application permissions
select all read ones
click add permissions
Then grand admin consent
- Azure Service Management — user_impersonation
- Microsoft Graph — Calendars.Read
- Microsoft Graph — DeviceManagementApps.Read.All
- Microsoft Graph — DeviceManagementConfiguration.Read.All
- Microsoft Graph — Directory.Read.All
- Microsoft Graph — Policy.Read.All
- Microsoft Graph — Reports.Read.All
- Microsoft Graph — User.Read.All
Scanning Microsoft Intune:
- Microsoft Graph — DeviceManagementApps.Read.All
- Microsoft Graph — DeviceManagementManagedDevices.Read.All
- select key
- Tenant ID (entra ID tenant ID, get from home overview in azure portal)
- app id (app registrations page for the nessus app you created App ID)
- Client secret (recorded when you setup nessus app secret value long string with no - sperators)
No comments:
Post a Comment