Citrix Analytics for Security

Microsoft Graph Security integration

Microsoft Graph Security is an external data source that aggregates data from multiple security providers. It also provides access to the user inventory data.

Citrix Analytics currently supports the following security providers from Microsoft Graph Security:

  • Azure AD identity protection
  • Microsoft Defender for Endpoint

For more information on the security providers, see the following links:

To onboard the Microsoft Graph Security data source, you need to obtain the required permissions on behalf of a tenant, from the Microsoft identity platform.

Prerequisites

Before you begin onboarding the Microsoft Graph Security data source, ensure that:

  • The administrator is using the Azure AD Identity Protection (part of the Azure AD Premium P2) security provider.

  • The end user is signed in to Microsoft Store with Work or School accounts.

Onboarding Microsoft Graph Security instances

  1. Go to Settings > Data Sources > Security and then navigate to the EXTERNAL DATA SOURCES section.

  2. Click the plus (+) sign on the Microsoft Graph Security site card. You get redirected to the authorize endpoint.

    MSG Onboarding

  3. On the Microsoft window, sign in using your Azure logon credentials to register an account. Or, select an existing account.

  4. Click Next.

    MSG Onboarding

  5. Click Accept. You get redirected to the Data Sources page. The Microsoft Graph Security data source is now linked to your Citrix Cloud account.

    MSG Onboarding

Turn on or off data processing

To disable data processing, click the vertical ellipsis (⋮) on the site card and select Turn off data processing. It stops Citrix Analytics from processing data for this data source.

You can turn on data processing again by selecting Turn On Data Processing on the site card.

MSG Onboarding

For information on Microsoft Graph Security risk indicators, see Microsoft Graph Security risk indicators.

Microsoft Graph Security integration