# Microsoft (MS 365 etc) ## Microsoft Integrations Dropzone AI integrates with [Microsoft 365/Microsoft Defender](https://docs.dropzone.ai/integrations/alert/ms_alert/ms365_alert), as well as [Microsoft Sentinel](https://docs.dropzone.ai/integrations/alert/ms_alert/mssentinel_alert). This document serves as an overview for performing certain steps of their integration. Further information on how to perform the integrations for Microsoft 365/Defender and Microsoft Sentinel can be found on their separate pages. ### Integration Overview To enable these integrations you will perform the following actions: * Register a new application in Microsoft Entra Admin Center * Locate your Client ID, Tenant ID, and create a Client Secret * Assign the necessary API permissions to the application ## Register a New Application in Microsoft Entra Admin Center {% hint style="info" %} Microsoft's documentation for registering an application is available at {% endhint %} * Sign into [your Entra home](https://entra.microsoft.com/#home) as an administrator * In the left sidebar, navigate to Identity > Applications > App Registrations

* Click "New Registration" * Name the new application something memorable, such as "Dropzone AI" * Under "Supported account types," select "Accounts in this organizational directory only (Single tenant)" * Leave the "Redirect URI (optional)" section blank * Click "Register"

### Client ID, Tenant ID, and Client Secret Once the application has been created, it will redirect you to the application's Overview page. {% hint style="info" %} Microsoft's documentation for creating client credentials for an application is available [here](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#add-credentials) {% endhint %} * In the Overview page, copy the Application ID and the Directory ID for use later in the Dropzone UI, where they are called "Client ID" and "Tenant ID" respectively

* Next to "Client credentials," click "Add a certificate or secret"

* Under the Client secrets heading, click "New client secret"

* Enter a description for the client secret, such as "Dropzone AI Integration Secret," and choose an appropriate expiration date. Click "Add" {% hint style="warning" %} Your Dropzone integration will stop working when the client secret expires. Consider setting a calendar reminder to update the key prior to expiration. For convenience's sake, we recommend picking a longer expiration date, to limit the number of times the client secret must be updated. {% endhint %}

* Under "Value," copy the Client Secret Value for use later in the Dropzone UI, where it is called "Client Secret"

{% hint style="danger" %} This value is not shown after you leave this page - be sure to record it immediately. {% endhint %} ## Set Application Permissions * In the application's sidebar, navigate to Manage > API permissions

* Click "Add a permission"

{% hint style="info" %} Depending on the integration you are performing, you will need to add different permissions. See ([Microsoft 365/Microsoft Defender](https://docs.dropzone.ai/integrations/alert/ms_alert/ms365_alert) or [Microsoft Sentinel](https://docs.dropzone.ai/integrations/alert/ms_alert/mssentinel_alert) for more details). For the purpose of this overview, the Microsoft Graph API has been used. {% endhint %} * In the search bar, input the desired API, such as "Microsoft Graph" and select it

* Click "Application permissions" * In the search bar, input the name of the permission your integration requires, then check the box next to it. Continue to do so until all permissions have been added, then click "Add permissions"

For example, add the SecurityEvents.Read.All permission

Once back in the Application API permissions page, you should now see the permissions, such as the following:

* Click "Grant admin consent for \[mycompany.net]"

* Click "Yes"

You should now see all the required permissions listed with a green check mark