Red Canary Managed Security Service Provider (MSSP) Access Instructions for Azure P1 will provide Red Canary organization members with direct access to your Microsoft Defender Security Center console.  

These instructions are intended for customers who use Microsoft Azure P1 type licenses, which does not allow access to the Identity Governance features of Azure. If you have an E5/A5 license, see Connecting Red Canary to Microsoft Defender for Endpoint in the Red Canary Help Center.

Granting Red Canary Access consists of three steps: 

1. Prepare Microsoft Azure group for RBAC
2. Enable Role Based Access Controls in MDE
3. Add Red Canary Shared User 

Before beginning the MSSP Access process for Azure P1, you will need to have access to an account with Security Administrator privileges within your Azure organization. 

Prepare Microsoft Azure group for RBAC and bulk uploading Red Canary users to Azure.

1. Navigate to https://portal.azure.com and log in with your Global or Security Administrator Microsoft account. 
2. Expand the navigation pane on the left hand side of the page and select Azure Active Directory. 
3. Select Groups. 
4. Click New Group. 
5. Fill in the group parameters with the following: 
• Group Type: Security
• Group Name: Red Canary
• Group Description: Red Canary Access Group
• Azure AD roles can be assigned to the group: Yes
• Membership Type: Assigned
• Owners: No owners selected
• Members: No members selected
6. Click Create. 

Enable Role Based Access Controls in Microsoft Defender for Endpoint.

1. Navigate to https://securitycenter.windows.com and log in with your Global Administrator Microsoft account.
2. Click Settings | Roles | Add Item. 
3. Configure permissions for the new role. 
   1. Role Name: Red Canary
   2. Description: Red Canary Access Role
   3. Select the following Permissions boxes only. 
      1. View Data
         • Security Operations
         • Threat and Vulnerability Management
      2. Active Remediation Actions
         • Security Operations
      3. Alerts Investigation
      4. Live Response Capabilities
         • Basic
   4. Click Assigned User Groups.
   5. Select the group named Red Canary.
   6. Click Add Selected Groups.
   7. Click Save.

Add the Red Canary shared user account

1. Navigate to https://portal.azure.com and log in with your Global or Security Administrator Microsoft account. 
2. Expand the navigation pane and select Azure Active Directory. 
3. Select Users. 
4. Select New Guest User. 
5. Choose Create a User.
6. Fill in the group parameters with the following: 
   • Identity
     • User Name: redcanary
     • Email Address: <Red Canary will provide you this email address>
     • Name: Red Canary
     • First Name: Leave blank

     • Last Name: Leave blank

   • Groups and Roles

     • Groups: Select the Red Canary group you just created.

     • Roles: <Don't select a role. Adding a role in this step will cause an error.>

   • Settings

     • Block Login: Off

     • Usage Location: United States

   • Leave Job Info blank.

7. Click Create.

Add the security reader role to your Red Canary account

1. Navigate to https://portal.azure.com, and then log in with your Global or Security Administrator Microsoft account. 
2. Expand the navigation pane, and then select Azure Active Directory.
3. Select Users.
4. Choose the Red Canary user that you created earlier.
5. Select Assigned Roles.
6. Click Add assignments.
7. Select the Security Reader role.
8. Click Add.