Red Canary MSSP Access Instructions for Azure P1 will provide Red Canary organization members with direct access to your Microsoft Defender Security Center console. RBAC Permissions are fully configurable and access is audited via Microsoft Azure Active Directory.
These instructions are intended for customers who use Microsoft Azure P1 type licenses, which does not allow access to the Identity Governance features of Azure. If you have an E5/A5 license, please see this help article to get started.
Granting Red Canary Access consists of two steps:
- Preparing groups and bulk uploading users to Azure
- Enabling Role Based Access Controls (RBAC) in Microsoft Defender ATP
Before beginning the MSSP Access process for Azure P1, you will need to have access to an account with Security Administrator privileges within your Azure Organization.
Preparing Microsoft Azure group for RBAC and bulk uploading Red Canary users to Azure.
- Navigate to https://portal.azure.com and log in with your Global or Security Administrator Microsoft account.
- Expand the navigation pane on the left hand side of the page and select Azure Active Directory.
- Select Groups.
- Click “New Group”
- Fill in the group parameters with the following:
- Group Type: Security
- Group Name: Red Canary
- Group Description: Red Canary Access Group
- Azure AD roles can be assigned to the group (Preview): Yes
- Membership Type: Assigned
- Owners: No owners selected
- Members: No members selected
- Click “Create”
- Navigate to “Users” in Azure Active Directory.
- Click “Bulk Operations” from the top menu.
- Click “Bulk Invite” from the “Bulk Operations” menu.
- Click the folder icon labeled “Upload your csv file” and browse to the file titled “BulkUserInvite_RedCanaryUsers.csv” provided by your Red Canary account rep.
- Click Submit.
- Navigate to Azure Active Directory Groups.
- Select the Red Canary group.
- Select “Bulk Operations” from the top menu.
- Select “Import Members”
- Click the folder icon labeled “Upload your csv file” and browse to the file titled “BulkMembers_RedCanary.csv” provided by your Red Canary account rep.
- Click Submit.
Enabling Role Based Access Controls in Microsoft Defender for Endpoint.
- Navigate to https://securitycenter.windows.com and log in with your Global Administrator Microsoft account.
- Click on Settings
- Click on Roles
- Click Add Item
- Configure permissions for the new role.
- Role Name: Red Canary
- Description: Red Canary Access Role
- Check the following Permissions boxes only.
- View Data
- Security Operations
- Threat and Vulnerability Management
- Active Remediation Actions
- Security Operations
- Alerts Investigation
- Live Response Capabilities
- Basic
- View Data
- Click on “Assigned user groups”
- Select the group named Red Canary
- Click Add Selected Groups
- Click Save