Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide is for customer admins whose service provider has pre-onboarded their workspace in ContraForce. You’ll receive an invite email from your service provider. Click the link to start.
Who is this for?
  • Customer security or IT admins completing the wizard their MSP/MSSP started for them
  • Global Administrators in the customer’s Microsoft Entra tenant who need to grant ContraForce access
If your sign-in fails before you reach the wizard, jump to Troubleshooting: Sign-in failed.

Prerequisites

RequirementWhy
Microsoft Entra Global AdministratorRequired the very first time anyone from your tenant signs in, to grant ContraForce permission to read your security data
Invite email from your service providerThe link in this email is your onboarding entry point
Pop-ups allowed for portal.contraforce.comThe Microsoft consent prompts open in a popup window
If you aren’t a Global Administrator, ContraForce will not be able to complete consent. Forward your invite link to a Global Admin in your organization and have them click it instead, or use the Email Your Admin option on the sign-in failed page.

Step 1: Grant ContraForce Access to Your Tenant

When you click the link in your invite email, you’ll be redirected to Microsoft to sign in. The first time anyone from your organization signs in, a Global Administrator must approve ContraForce.
1

Click the invite link

Open the email from your service provider and click the onboarding link.
2

Sign in as a Global Administrator

You’ll be redirected to Microsoft. Sign in with your Global Admin credentials.
3

Review the requested permissions

Microsoft displays a consent screen listing the permissions ContraForce needs to read security data from your tenant.
Microsoft consent dialog showing ContraForce API permissions
4

Accept on behalf of your organization

Check Consent on behalf of your organization and click Accept.
Second Microsoft consent screen with the org-wide checkbox highlighted
This is a one-time approval. Once a Global Admin grants consent, the rest of your team can sign in normally.

Step 2: Sign In

After consent is granted, sign in with your admin account. ContraForce recognizes that your service provider has already created your workspace, so you’ll skip account creation and go straight into the Setup Wizard.

Step 3: The Setup Wizard

The wizard walks you through connecting your security tools to ContraForce. It’s mostly automatic. The modules your service provider pre-selected are already chosen for you, and you just confirm them and grant consent for each one.

3a. Connect Detection Sources

The wizard shows the detection modules your MSP pre-selected (for example, Microsoft Sentinel and Defender XDR).
1

Review the pre-selected detection modules

Each module your service provider chose appears with a Connect button.
Wizard detection step showing pre-selected modules
Detection modules with Connect buttons highlighted
2

Click Connect on each module

A Microsoft consent prompt opens. Sign in if prompted, review the permissions, and click Accept.
Microsoft sign-in step for the detection module consent
Permissions review step for the detection module consent
Final accept step for the detection module consent
3

Wait for the green checkmark

Each module shows Connected once consent succeeds. You can connect modules in any order.
Wizard with detection modules showing the Connected state
Microsoft Sentinel customers: Connecting Sentinel triggers ContraForce to deploy the supporting Azure infrastructure in your subscription automatically. You don’t need to run a separate Azure deployment step. The deployment runs in the background after you grant consent. Allow a few minutes for resources to appear.

3b. Connect Response Modules

Same flow as detection. Confirm each pre-selected response module and grant consent.
1

Review the pre-selected response modules

Response modules enable Gamebook actions like isolating devices, disabling users, and quarantining files.
Wizard response step showing pre-selected modules
2

Click Connect on each module

Complete the Microsoft consent prompt for each one.
Microsoft sign-in step for the response module consent
Permissions review step for the response module consent
Final accept step for the response module consent

3c. Wizard Complete

When every module is connected, the wizard shows a completion screen and hands you off to the Command page.
Wizard completion screen with the Go to Dashboard button
Your service provider receives a real-time notification when you finish the wizard, so they know your workspace is ready.

Step 4: Get Started Checklist

The first time you land on the Command page, you’ll see the Get started with ContraForce panel. It lists what’s left to do. The customer checklist is shorter than the MSP version because your service provider already handled the agent center and account setup.
ItemWhat it means
Connect detection sourcesFinish any detection modules you skipped in the wizard
Connect response modulesFinish any response modules you skipped in the wizard
Get started checklist on the Command page
If you completed every module in the wizard, both items will already be checked and the panel will hide itself.

Re-opening the Detection or Response Picker

Click Start next to either item. ContraForce takes you straight to your Workspace settings → Modules tab with the matching drawer (Detection or Response) already open.
Workspace settings Modules tab with the Detection drawer open
Select any module that wasn’t in your wizard set, click Add, and complete the Microsoft consent prompt.
Workspace settings Modules tab with the Response drawer open
If you close these panels, you can always re-open them by clicking the Add Module buttons on the Modules tab.
Modules tab showing the Add detection module button
Modules tab showing the Add response module button

Troubleshooting: Sign-in Failed

If you click your invite link and see a Sign In Failed page, it’s almost always because:
  • You aren’t a Global Administrator and ContraForce hasn’t been pre-approved for your tenant yet
  • A previous sign-in attempt got into a bad state
Need admin approval

What to do

1

Click Sign out in the top right

This clears any stale session that might be blocking sign-in.
2

If you're a Global Admin, click Try Again

Sign in. Microsoft will show the consent screen. Accept it, and you’ll proceed into the wizard.
3

If you're not a Global Admin, click Email Your Admin

Or copy the Admin Consent Link from the page and send it to a Global Admin in your organization. Once they accept, return to your invite link and click Try Again.
Don’t keep retrying the same sign-in repeatedly without signing out. Repeated failures can compound the bad-session state and require a browser cache clear to recover.

Next Steps

Command Dashboard

Your home base for incident triage across your environment

Incident Management

How to triage, investigate, and respond to incidents

What Are Gamebooks?

Automated response workflows you can run from any incident

Workbench Overview

The investigation command center
Need help? Contact us at support@contraforce.com.