/
Setting up ATR for Microsoft 365 Cloud

Setting up ATR for Microsoft 365 Cloud

The documentation below outlines the requirements for Barracuda XDR Cloud Automated Threat Response (ATR).

For additional background, download the following: Cloud Automated Threat Response Microsoft 365.

These instructions are for customers using the Microsoft 365 Integration.

To configure the Microsoft 365 Integration to support remediation actions for Automated Threat Response, you must add additional API permissions to the registered application, by following the instructions below.

Note In hybrid environments, changes are not applied to on-premise systems.

Add the new permissions in the Microsoft portal

  1. Log in to the Microsoft portal.

  2. Click Add a permission.

  3. Click Microsoft Graph.

  4. Select Application permissions (not delegated).

  5. Select the following:

    • User.ReadWrite.All

    • User.EnableDisableAccount.All

  6. Click Add permissions to save the changes.

    SOARM365API.png

    SOARM365API1.png

  7. After adding the new permissions, click Grant admin consent.
    This also applies to updates made to previously configured applications.

    SOAR.png

  8. Ensure that the Graph API roles show the following new permissions:

    • Graph API Roles: User.ReadWrite.All, User.EnableDisableAccount.All

  9. Click Save.

To enable ATR in XDR Dashboard

  1. Log in to XDR Dashboard.

  2. Navigate to ATR Settings > Cloud.

  3. In the Cloud table, click the Microsoft 365 row.

  4. Click Edit Config.

  5. Ensure that the Graph API roles show the following new permissions:

    • Graph API Roles: User.ReadWrite.All, User.EnableDisableAccount.All

  6. If the Graph API roles are correct, select the Auto Remediation Enabled checkbox.

    SOARM365API3.png

  7. Click Save.

 

Contact Us
Barracuda Campus
Barracuda Support