Microsoft automated integration setup

There are two methods available to set up Microsoft integrations within the Prelude platform. Option 1 is automated, where the Prelude admin supplies Microsoft Entra credentials to automatically set up the app registration and associated API permissions. Option 2 is manual configuration, as outlined in this document.

Automated setup (recommended) - requires the user to supply Entra credentials with the required permissions.  

Fully automated setup can be completed by a user with one of the following Entra roles:

  • Global Administrator
  • Privileged Role Administrator

Automated setup that requires admin consent/approval can be completed by a user with the following Entra role:

  • Application Administrator

When the integration setup is completed by a member of the Application Administrator role, the app registration is created but its API permissions remain in an unapproved state. A member of the Global Administrator or Privileged Role Administrator role will need to "Grant Admin Consent" to the app registration and associated API permissions.

Step 1 - Run Connection Wizard from the integrations page (US1 | EU1)

Click to Configure integration with your Microsoft Entra ID

Provide credentials that have the necessary Entra role/permissions

The wizard will configure all Microsoft-related integrations that are not already configured. If you are configuring with an Application Administrator role, there will be some manual steps required to complete the process.

Grant Admin Consent - The Application Administrator role can create the app registration, but a Global Administrator or Privileged Role Administrator must approve it by clicking "Grant Admin Consent" for the app registration. The app registration will have the name "PreludeSCMIntegration:12345678", where 12345678 is your customer account ID.

Grant Security Reader Role - The Application Administrator role can create the app registration, but is unable to assign the Security Reader role to the app registration. Follow the steps below to grant the Security Reader role to the app registration:

  1. Navigate to Entra ID in the Azure portal
  2. Expand Manage and select "Roles and Administrators" on the left-hand side
  3. Search for the "Security Reader" role and click on it
  4. On the next screen, select Add Assignment
  5. In the "Search" field, enter the whole App ID that you created in the above steps and assign it to the Security Reader role.
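
To confirm that both manual steps took effect, the check below compares the application permissions the app registration requests with those actually granted, and looks for the Security Reader assignment. It is an added example, not Prelude's code; it assumes you have exported the three Microsoft Graph responses named in the docstring, and the permission GUIDs in the sample data are constructed placeholders.

```python
# Added example, not Prelude's code. Inputs follow Microsoft Graph v1.0 JSON shapes.
# Built-in Entra role template ID for Security Reader.
SECURITY_READER_ROLE_ID = "5d6b6bb7-de71-4623-b4af-96380a352509"

def audit_integration(application, app_role_assignments, directory_role_assignments):
    """Report what is still missing on the integration's app registration.

    application:                GET /applications/{object-id}
    app_role_assignments:       "value" of GET /servicePrincipals/{sp-id}/appRoleAssignments
    directory_role_assignments: "value" of GET /roleManagement/directory/roleAssignments
                                ?$filter=principalId eq '{sp-id}'
    """
    # Simplification: match on appRoleId only (GUIDs), not on the resource API as well.
    granted = {a["appRoleId"] for a in app_role_assignments}
    pending = []
    for resource in application.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            # type "Role" is an application permission; it only takes effect
            # once admin consent creates a matching appRoleAssignment.
            if access["type"] == "Role" and access["id"] not in granted:
                pending.append((resource["resourceAppId"], access["id"]))
    has_reader = any(r["roleDefinitionId"] == SECURITY_READER_ROLE_ID
                     for r in directory_role_assignments)
    return {"app": application["displayName"],
            "pending_consent": pending,
            "security_reader_assigned": has_reader,
            "complete": not pending and has_reader}

# --- Constructed sample data (permission GUIDs are placeholders, not Prelude's real list) ---
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource appId
PERM_A = "aaaaaaaa-0000-0000-0000-000000000001"
PERM_B = "aaaaaaaa-0000-0000-0000-000000000002"
APP = {"displayName": "PreludeSCMIntegration:12345678",
       "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
           "resourceAccess": [{"id": PERM_A, "type": "Role"},
                              {"id": PERM_B, "type": "Role"}]}]}

# State right after an Application Administrator runs the wizard: nothing approved.
after_app_admin = audit_integration(APP, [], [])
# State after admin consent and the Security Reader assignment.
after_approval = audit_integration(
    APP,
    [{"appRoleId": PERM_A}, {"appRoleId": PERM_B}],
    [{"roleDefinitionId": SECURITY_READER_ROLE_ID}])

if __name__ == "__main__":
    for label, result in (("app admin only", after_app_admin), ("approved", after_approval)):
        print(label, result)
```

A non-empty `pending_consent` list means "Grant Admin Consent" has not been applied to every requested application permission; delegated (type "Scope") permissions are not covered by this check.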