Issue
The following error shows when trying to complete the streaming API settings for the data export to Red Canary in Azure AD:
Environment
Microsoft Defender for Endpoint
Resolution
A step in the provisioning process for Microsoft Defender for Endpoint is providing Red Canary with contact information for a user with Azure Global Administrator rights. An email invitation for connecting to the Red Canary Azure tenant is sent to this user account. If the account is not able to accept email or the invitation is misplaced, the user can accept permissions by logging in to the following link with their GA credentials.
https://portal.azure.com/microsoft-production.redcanary.co
Note: You should be prompted upon login to review and accept certain permissions. If you do not see this, try accessing the link again via an incognito/private window.
Once this is complete, repeat the steps to configure the data export configuration in your Azure instance. See Connecting Red Canary to your Microsoft Defender for Endpoint deployment for additional information on setup.
Cause
The Global Administrator from your Azure AD instance must accept the invitation to connect with the Red Canary Azure tenant prior to setting up the API connection needed for sending telemetry to Red Canary.
Comments
0 comments
Please sign in to leave a comment.