M365 Security Integrations

Self-Service Onboarding & Lifecycle Management

Overview

The M365 Security Integration connects your Microsoft 365 environment directly to the AgileBlue Security Operations platform through a guided, self-service setup wizard. It provides centralized visibility into audit logs, security incidents, alerts, and identity analytics without requiring manual credential configuration from your team. With support for four Microsoft services and automated secret lifecycle management built in, your integrations remain active and reliable, enabling your team to detect and respond to threats across your Microsoft environment from a single platform.

This article covers:

  • Navigating to the Integrations page
  • Running the setup wizard
  • Understanding integration status and secret expiration
  • Renewing an expiring or expired secret

Prerequisites

Before starting the setup wizard, confirm the following:

  • You have a Global Administrator account in your Microsoft 365 tenant.
  • You are logged into the AgileBlue portal with an account that has access to the Management section.
  • You know which Microsoft integrations you want to enable (see Supported Integrations below).

Note: A Global Administrator account is required during the Microsoft authentication step. Without it, the Azure app registration and permission consent cannot be completed.

Supported Integrations

The following Microsoft integrations are available for self-service setup:

Integration | What It Provides
Office365 | Audit log collection via Office 365 Management APIs; also supports account disablement workflows.
Microsoft Defender XDR | Incident and alert data from Microsoft Defender XDR.
Microsoft Defender for Endpoint | Host isolation capability and alert data; enables the Host Isolation setting in the portal.
Microsoft Entra ID Entity Analytics | Identity analytics for your Microsoft Entra ID environment.

Navigating to the Integrations Page

  1. Log in to the AgileBlue portal.
  2. Expand the left navigation bar, and click Management to expand the section.
  3. Click on “Integrations”.

The Integrations page displays the current status of all configured integrations for your organization, including active integrations, integrations with expiring secrets, and integrations pending renewal.

Setting Up Microsoft 365 Integrations

The setup wizard is completed in three steps. You will not be asked to enter or handle any credentials at any point during setup.

Step 1 - Select Integrations

  1. On the Integrations page, click Set Up Microsoft Integrations.
  2. A checklist of available Microsoft integrations is displayed. Check the box next to each integration you want to enable.
  3. Click Next to proceed.

Step 2 - Authenticate with Microsoft

  1. A Microsoft login popup will appear.
  2. Sign in using a Global Administrator account for your Microsoft 365 tenant.
  3. Review and accept the permission consent prompt. This authorizes AgileBlue to create an Azure app registration in your tenant named AgileBlue M365 Security and assign the required API permissions for the integrations you selected.
  4. Once authentication is complete, a progress screen will display while your integrations are being configured in the background. No further action is required.
  5. After provisioning completes, a confirmation screen will list the integrations that were successfully configured.

Permissions

To enable each Microsoft integration, AgileBlue will require access to the following permissions during the setup process.

Defender for Endpoint:

Defender XDR:

Office365:

Entra ID Entity Analytics:

Verifying Integration Setup

To verify that each integration has been successfully enabled, open the Microsoft Azure portal and navigate to Home → Enterprise Applications. All active integrations will appear in the application list prefixed with "Cerulean" - for example, the Office 365 integration will display as Cerulean O365.

Note: If authentication fails or insufficient permissions are detected, an error message will appear on screen. Confirm that the account used has Global Administrator privileges in your Microsoft tenant and try again.

Managed Secret Renewal

AgileBlue manages the full lifecycle of your Microsoft client secret credentials, including all updates and renewals, so no action is required on your part. When a secret is approaching expiration, the credentials will automatically be updated across all affected integrations. Your integrations will remain active and uninterrupted.

Note: Renewal does not recreate your Azure app registration or modify your existing permissions. Only the client secret value is updated. Your App ID, Tenant ID, and permission assignments remain unchanged.
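The following is an added example, not AgileBlue's code, showing how a tenant administrator could check the verification and renewal statements above against exported directory data: it filters enterprise applications for the "Cerulean" prefix, reports days left on the client secret, and compares two snapshots of the app registration to confirm that a renewal changed only the secret. The sample records are constructed in the shape Microsoft Graph returns for service principals and applications, and all function names, GUIDs and dates are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample data in the shape Microsoft Graph returns for
# /servicePrincipals and /applications; every GUID and date is made up.
SERVICE_PRINCIPALS = [
    {"displayName": "Cerulean O365", "appId": "aaaaaaaa-0000-0000-0000-000000000001"},
    {"displayName": "Contoso HR Sync", "appId": "bbbbbbbb-0000-0000-0000-000000000002"},
]
PERMS = [{"resourceAppId": "cccccccc-0000-0000-0000-000000000003",
          "resourceAccess": [{"id": "dddddddd-0000-0000-0000-000000000004", "type": "Role"}]}]
APP_BEFORE = {"id": "obj-1", "appId": "aaaaaaaa-0000-0000-0000-000000000001",
              "requiredResourceAccess": PERMS,
              "passwordCredentials": [{"keyId": "key-old", "endDateTime": "2025-07-01T00:00:00Z"}]}
APP_AFTER = {**APP_BEFORE,
             "passwordCredentials": [{"keyId": "key-new", "endDateTime": "2026-06-01T00:00:00Z"}]}


def integration_apps(service_principals, prefix="Cerulean"):
    """Enterprise applications whose display name carries the prefix the page describes."""
    return [sp["displayName"] for sp in service_principals
            if sp["displayName"].startswith(prefix)]


def days_until_expiry(app, now):
    """Days left on the longest-lived client secret; negative means all have expired."""
    ends = [datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
            for c in app["passwordCredentials"]]
    return (max(ends) - now).days if ends else None


def renewal_drift(before, after):
    """Fields a secret renewal should not touch but did; an empty list means a clean renewal."""
    stable = ("id", "appId", "requiredResourceAccess")
    return [f for f in stable if before.get(f) != after.get(f)]


def secret_rotated(before, after):
    """True when the set of secret key IDs differs between the two snapshots."""
    ids = lambda app: {c["keyId"] for c in app["passwordCredentials"]}
    return ids(before) != ids(after)


if __name__ == "__main__":
    now = datetime(2025, 6, 20, tzinfo=timezone.utc)  # fixed "today" for the sample
    print(integration_apps(SERVICE_PRINCIPALS))
    print(days_until_expiry(APP_BEFORE, now), days_until_expiry(APP_AFTER, now))
    print(renewal_drift(APP_BEFORE, APP_AFTER), secret_rotated(APP_BEFORE, APP_AFTER))
```

A non-empty result from `renewal_drift` means the object ID, App ID or configured API permissions differ between snapshots, which is more than the renewal note describes and is worth raising with support.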

Need Help?

If you have questions or need assistance with the M365 Security Integration, AgileBlue Support is available at support@agileblue.com or by submitting a ticket through the portal.