This article will provide an overview of the onboarding process for the ContraForce XDR module.
Overview
The ContraForce Defender XDR module plays a crucial role in assisting partners and customers who rely on the Microsoft Defender XDR product suite. To facilitate the onboarding process for ContraForce, it is necessary to consent to various Enterprise applications via the user-friendly ContraForce Onboarding wizard. In order to provide a comprehensive understanding of the onboarding process, each step will be outlined in detail below. By following these steps, users can seamlessly integrate ContraForce into their existing systems and maximize the benefits of the Microsoft Defender XDR suite.
If you are trying to onboard ContraForce to an Azure Sentinel instance, select the SIEM or XDR + SIEM deployment modules. If you have any questions about this, contact the ContraForce Support Team at support@contraforce.com.
1. Sign into the ContraForce Onboarding Wizard
When you begin the onboarding process for ContraForce, the ContraForce team will provide you with a link to the ContraForce Onboarding Wizard. The first step is to sign into the onboarding wizard using an admin user account that has the necessary permissions for onboarding. It's important to note that the user you sign in with must be a Global Admin and have the ability to consent to enterprise applications for your organization.
2. Consent the ContraForce API and ContraForce Portal
Once you have signed in with your admin user as outlined in step 1, the next step is to provide consent for the ContraForce API and ContraForce Portal enterprise applications. First, you will need to consent to the API, which is shown in the screenshot above. After that, you will need to consent to the ContraForce Portal, which is displayed below.
For the purposes of this article, the ContraForce development applications were used.
3. Select the ContraForce XDR Module
To start the onboarding process, navigate to the Onboarding Wizard menu and choose the XDR module. Once you have selected the correct module, click on "Consent Microsoft Defender XDR." This action will initiate the deployment of the XDR module.
4. Consent ContraForce MDE
Once you launch the ContraForce Onboarding Wizard, a series of application consent windows will appear for the selected module.
5. Add Additional Users
During the deployment process, you have the option to add additional users to your ContraForce environment. Simply search for the users by their email addresses and assign the appropriate permissions to each one that you add. If you need guidance on which permissions are suitable for each role, you can find a detailed overview of our permissions here. This step is the final one in the deployment wizard. Once completed, you will see a message indicating the successful completion of the deployment and a button to continue to the ContraForce Portal.
6. Authorize ContraForce Service Principals
To enable the use of Gamebooks in ContraForce, you need to provide consent for the ContraForce Service Principals. This can be found within the Workspaces page by clicking the gear icon.
When it comes to "Gamebooks for Microsoft Defender XDR," make sure to select the "Consent" option. It's important to note that if you are connecting a child workspace (customer) to a partner workspace (parent), an additional "Consent for Partner" button will be displayed for you to click on.
7. Onboarding Complete
At this point, the onboarding wizard has finished and gamebooks have been authorized for use in the ContraForce environment. If Defender incidents exist, they will appear in the ContraForce portal.
Supporting Documentation
ContraForce V2.0.0 Service Principals
ContraForce Portal Service Principal
ContraForce API Service Principal