Note: This integration requires the use of ThreatLocker Agent Version 8.0 or above.
How to Configure the Azure Integration
To begin, navigate to the ThreatLocker portal.
From the left-hand navigation menu, click ‘Integrations’ and click ‘New Integration’.
Click ‘Setup’ next to the Azure icon.
Enter a valid Tenant ID from your Azure Directory and click ‘Open Consent Screen’.
Note: This next step requires a Microsoft administrator account.
Log in as an administrator and accept the permissions requested.
If done correctly, the Admin Consent will now state ‘Granted’ and the Configuration tab will become visible.
Click ‘Configuration’, select the Azure groups you’d like to sync from the drop-down menu, and click ‘Add’.
Once you have your Azure groups added, click ‘Save’.
A bar will pop up to confirm that you have successfully saved the Azure integration, and the Azure integration will be listed on your Integrations page.
How to Apply the Azure Integration to Your Policies
To begin, navigate to the ThreatLocker portal, expand the Application Control menu on the left-hand side, and click ‘Application Policies’.
Add a new application policy or edit an existing policy. In the popup window, scroll down to the section asking ‘Which users and groups should this policy apply to?’, choose ‘Let me select users and groups’, select the Azure group(s) this policy should apply to from the drop-down menu, and click ‘Add’.
Please note: It is recommended to select the group name from the drop-down menu to avoid any typos. The Azure group name must match exactly.
Note: Our enterprise application used for the integration requires specific pieces of information from the Azure groups and their members in order to function properly, so the permissions requested on the consent screen are necessary. ThreatLocker will not read any information other than what is truly required and will not write any data.