ContraForce onboarding is split into two parts. Pick the guide that matches your role.Documentation Index
Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt
Use this file to discover all available pages before exploring further.
Part 1: MSP / Service Provider
Grant Microsoft access, set up your Agent Center, connect your own security tools, and pre-onboard customer workspaces.
Part 2: Customer Admin
Your service provider has pre-onboarded your workspace. Click the invite link, grant consent, and complete the Setup Wizard.
Before You Begin
What both sides need
| Requirement | Who needs it |
|---|---|
| Microsoft Entra Global Administrator | First sign-in from each tenant requires an admin to grant ContraForce consent (one-time) |
Pop-ups allowed for portal.contraforce.com | Microsoft consent prompts open in popup windows |
| Active Microsoft 365 license with Defender capabilities (Business Premium, E3, or E5) | Customer side, for Defender-based detection and response |
What service providers also need
| Requirement | Why |
|---|---|
| ContraForce sign-up link | Provided by your account team to start your own onboarding |
| Customer’s Microsoft Entra tenant ID | Required to pre-onboard a workspace for them |
| Customer’s primary point-of-contact email | Receives the invite that starts the customer’s wizard |
What customers also need
| Requirement | Why |
|---|---|
| Invite email from your service provider | The link in this email is your onboarding entry point |
| Azure Subscription Owner | Only required if Microsoft Sentinel is among the pre-selected detection modules |
How the Two Parts Connect
Module Reference
The detection and response modules your customer ends up using depend on what your service provider pre-selects in Step 6 of MSP onboarding. Use this matrix to decide what to pre-select.| Capability | Defender for Endpoint | Sentinel |
|---|---|---|
| Defender for Endpoint incidents | ✓ | ✓ |
| Entity enrichment | ✓ | ✓ |
| Gamebook response actions | ✓ | ✓ |
| Multi-tenant management | ✓ | ✓ |
| Sentinel incidents | – | ✓ |
| Detection rules (CMS) | – | ✓ |
| Email notifications | – | ✓ |
| Log search | – | ✓ |
| Azure Lighthouse | – | ✓ |
Selecting Sentinel as a detection module triggers ContraForce to deploy the supporting Azure infrastructure in the customer’s subscription automatically. The customer doesn’t run a separate Azure deployment step.
Per-module deep-dives
Microsoft Sentinel Module
What Sentinel adds and what gets deployed in the customer’s Azure subscription
Defender for Endpoint Module
Defender for Endpoint detection and response details
CrowdStrike Modules
CrowdStrike detection and response options
SentinelOne Module
SentinelOne detection and response
CMS Module
Content Management System for Sentinel detection rules (Sentinel only)
Notifications Module
Email notifications for incidents (Sentinel only)
Verifying a Successful Deployment
Run these checks after a customer finishes their wizard.Immediate verification
- Customer workspace appears in your Workspace Center with Active status (not Pending customer setup)
- You received the real-time Customer onboarding complete notification in the portal
- Each pre-selected module shows Connected in the customer’s workspace
- Incidents start appearing on the Command Dashboard within 5 to 15 minutes
If incidents don’t appear
- Check the source system (Defender, Sentinel, CrowdStrike) for active incidents. ContraForce syncs existing incidents, so if there are none in the source, none will appear in ContraForce
- Verify all pre-selected modules in the customer’s wizard reached Connected status
- For Sentinel customers, allow 5 to 10 extra minutes after wizard completion for the Azure infrastructure to finish deploying
Common Issues
| Issue | Likely cause | Solution |
|---|---|---|
| Consent popup doesn’t appear | Pop-up blocker | Allow pop-ups for portal.contraforce.com |
| Consent fails with permissions error | Non-admin user | Forward the admin consent link to a Global Admin |
| Sign In Failed page | Consent skipped or stuck session | See troubleshooting in Part 1 or Part 2 |
| No incidents appearing | No active incidents in source | Check Defender/Sentinel/CrowdStrike console |
| Customer workspace stuck in Pending customer setup | Customer hasn’t completed wizard | Resend the invite or contact the POC |
Next Steps After Onboarding
Incident Management
Learn how to triage and respond to incidents
What Are Gamebooks?
Automated response workflows
Command Dashboard
Monitor security posture across workspaces
Multi-Tenant Features
Manage multiple customers efficiently
Questions about onboarding? Contact us at support@contraforce.com.