For each workspace onboarded to ContraForce, there are multiple enterprise applications that should be consented to enable ContraForce functionality.
Overview
At the start of every ContraForce onboarding, the ContraForce Portal and ContraForce API enterprise applications will be consented. These are the two foundational enterprise applications that must be consented to use ContraForce.
After the two main enterprise applications have been consented, the user can further customize the permissions around ContraForce via the Workspaces > Modules page for the tenant. By default, all service principals will be unconsented. Below a page has been linked for every enterprise application and provides an overview of the permissions associated with each module.
ContraForce Modules
- Sentinel Hunting
- Microsoft Defender XDR
- Gamebooks for Identity
- Gamebooks for Defender XDR
- Microsoft 365 Response
- Microsoft Azure Response
Consenting an Enterprise Application in ContraForce
To consent an enterprise application in ContraForce, navigate to the modules section of your workspace. Click "Add Module" and select all modules that are required for your workspace. Then click confirm.
After adding the module, open the module and scroll to the bottom. You will see a list of all permissions used by the enterprise application that you have selected. Click "Consent" to enable the enterprise application. The consent flow is a 3 step process.
When consenting enterprise applications, make sure the user you are signed in with has Global Admin and Subscription Owner permissions in Azure.
If you have any questions about ContraForce enterprise applications, please email support@contraforce.com.