Microsoft Graph Security integration
Microsoft Graph Security is an external data source that aggregates data from multiple security providers. It also provides access to the user inventory data.
Citrix Analytics currently supports the following security providers from Microsoft Graph Security:
- Azure AD identity protection
- Microsoft Defender for Endpoint
For more information on the security providers, see the following links:
- For Azure AD Identity Protection: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events
- For Microsoft Defender for Endpoint: https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection
To onboard the Microsoft Graph Security data source, you need to obtain the required permissions on behalf of a tenant, from the Microsoft identity platform.
Before you begin onboarding the Microsoft Graph Security data source, ensure that:
The administrator is using the Azure AD Identity Protection (part of the Azure AD Premium P2) security provider.
The end user is signed in to Microsoft Store with Work or School accounts.
Onboarding Microsoft Graph Security instances
Go to Settings > Data Sources > Security and then navigate to the EXTERNAL DATA SOURCES section.
Click the plus (+) sign on the Microsoft Graph Security site card. You get redirected to the authorize endpoint.
On the Microsoft window, sign in using your Azure logon credentials to register an account. Or, select an existing account.
Click Accept. You get redirected to the Data Sources page. The Microsoft Graph Security data source is now linked to your Citrix Cloud account.
Turn on or off data processing
To disable data processing, click the vertical ellipsis (⋮) on the site card and select Turn off data processing. It stops Citrix Analytics from processing data for this data source.
You can turn on data processing again by selecting Turn On Data Processing on the site card.
For information on Microsoft Graph Security risk indicators, see Microsoft Graph Security risk indicators.