Microsoft Azure

The Azure integration connects HomeBase to Microsoft Entra ID (Azure AD), Microsoft Defender, Azure Monitor, and Activity Logs — providing unified identity risk, threat intelligence, and cloud posture data.

What's ingested

• Entra ID (Azure AD) — users, groups, sign-in logs, risky users, and conditional access events.
• Microsoft Defender for Endpoint — device alerts, vulnerability findings, and attack surface data.
• Microsoft Defender for Identity — lateral movement detection and AD attack alerts.
• Azure Monitor / Activity Logs — subscription-level operations, resource mutations.
• Azure Security Center / Defender for Cloud — security recommendations and regulatory compliance findings.

Setup: App registration

1. Register an application in Entra ID

In the Azure Portal, go to Azure Active Directory → App registrations → New registration. Name it HLD HomeBase and select "Accounts in this organizational directory only".

2. Create a client secret

Under Certificates & secrets → New client secret, create a secret with a 24-month expiry. Copy the value immediately.

3. Grant API permissions

Grant admin consent for all permissions after adding them.

4. Register the integration

POST /v1/integrations

{
  "type": "azure",
  "tenant_id": "ten_01hxyz",
  "credentials": {
    "azure_tenant_id": "YOUR_AZURE_TENANT_ID",
    "client_id": "YOUR_APP_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
  },
  "config": {
    "ingest_entra_id": true,
    "ingest_defender": true,
    "ingest_activity_logs": true
  }
}