> ## Documentation Index
> Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Onboarding Workspaces

> Overview of the ContraForce onboarding flow: how a service provider gets set up, then how a customer admin completes their workspace.

ContraForce onboarding is split into two parts. Pick the guide that matches your role.

<CardGroup cols={2}>
  <Card title="Part 1: MSP / Service Provider" icon="building-shield" href="/guides/onboarding/platform-onboarding">
    Grant Microsoft access, set up your Agent Center, connect your own security tools, and pre-onboard customer workspaces.
  </Card>

  <Card title="Part 2: Customer Admin" icon="user-check" href="/guides/onboarding/customer-workspace-onboarding">
    Your service provider has pre-onboarded your workspace. Click the invite link, grant consent, and complete the Setup Wizard.
  </Card>
</CardGroup>

## Before You Begin

### What both sides need

| Requirement                                                                               | Who needs it                                                                             |
| ----------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| **Microsoft Entra Global Administrator**                                                  | First sign-in from each tenant requires an admin to grant ContraForce consent (one-time) |
| **Pop-ups allowed for `portal.contraforce.com`**                                          | Microsoft consent prompts open in popup windows                                          |
| **Active Microsoft 365 license** with Defender capabilities (Business Premium, E3, or E5) | Customer side, for Defender-based detection and response                                 |

### What service providers also need

| Requirement                                   | Why                                                        |
| --------------------------------------------- | ---------------------------------------------------------- |
| **ContraForce sign-up link**                  | Provided by your account team to start your own onboarding |
| **Customer's Microsoft Entra tenant ID**      | Required to pre-onboard a workspace for them               |
| **Customer's primary point-of-contact email** | Receives the invite that starts the customer's wizard      |

### What customers also need

| Requirement                                 | Why                                                                             |
| ------------------------------------------- | ------------------------------------------------------------------------------- |
| **Invite email from your service provider** | The link in this email is your onboarding entry point                           |
| **Azure Subscription Owner**                | Only required if Microsoft Sentinel is among the pre-selected detection modules |

***

## How the Two Parts Connect

```mermaid theme={null}
sequenceDiagram
    participant MSP as Service Provider
    participant CF as ContraForce
    participant Customer as Customer Admin

    MSP->>CF: Sign up via portal.contraforce.com link
    MSP->>CF: Grant Microsoft consent (Global Admin)
    MSP->>CF: Set up Agent Center, connect own sources
    MSP->>CF: Add customer workspace with pre-selected modules
    CF->>Customer: Invite email
    Customer->>CF: Click invite link, grant Microsoft consent
    Customer->>CF: Run Setup Wizard (connect detection + response)
    CF->>MSP: Real-time notification: customer onboarding complete
```

***

## Module Reference

The detection and response modules your customer ends up using depend on what your service provider pre-selects in Step 6 of MSP onboarding. Use this matrix to decide what to pre-select.

| Capability                      | Defender for Endpoint | Sentinel |
| ------------------------------- | :-------------------: | :------: |
| Defender for Endpoint incidents |           ✓           |     ✓    |
| Entity enrichment               |           ✓           |     ✓    |
| Gamebook response actions       |           ✓           |     ✓    |
| Multi-tenant management         |           ✓           |     ✓    |
| Sentinel incidents              |           –           |     ✓    |
| Detection rules (CMS)           |           –           |     ✓    |
| Email notifications             |           –           |     ✓    |
| Log search                      |           –           |     ✓    |
| Azure Lighthouse                |           –           |     ✓    |

<Note>
  Selecting Sentinel as a detection module triggers ContraForce to deploy the supporting Azure infrastructure in the customer's subscription automatically. The customer doesn't run a separate Azure deployment step.
</Note>

### Per-module deep-dives

<CardGroup cols={2}>
  <Card title="Microsoft Sentinel Module" icon="database" href="/guides/onboarding/microsoft-sentinel-module">
    What Sentinel adds and what gets deployed in the customer's Azure subscription
  </Card>

  <Card title="Defender for Endpoint Module" icon="shield" href="/guides/onboarding/defender-for-endpoint-module-deployment">
    Defender for Endpoint detection and response details
  </Card>

  <Card title="CrowdStrike Modules" icon="cloud" href="/guides/onboarding/crowdstrike-detection-and-response-modules">
    CrowdStrike detection and response options
  </Card>

  <Card title="SentinelOne Module" icon="bolt" href="/guides/onboarding/sentinelone-module">
    SentinelOne detection and response
  </Card>

  <Card title="CMS Module" icon="file-code" href="/guides/onboarding/cms-module">
    Content Management System for Sentinel detection rules (Sentinel only)
  </Card>

  <Card title="Notifications Module" icon="bell" href="/guides/onboarding/notifications-module">
    Email notifications for incidents (Sentinel only)
  </Card>
</CardGroup>

***

## Verifying a Successful Deployment

Run these checks after a customer finishes their wizard.

### Immediate verification

* Customer workspace appears in your Workspace Center with **Active** status (not **Pending customer setup**)
* You received the real-time **Customer onboarding complete** notification in the portal
* Each pre-selected module shows **Connected** in the customer's workspace
* Incidents start appearing on the Command Dashboard within 5 to 15 minutes

### If incidents don't appear

* Check the source system (Defender, Sentinel, CrowdStrike) for active incidents. ContraForce syncs existing incidents, so if there are none in the source, none will appear in ContraForce
* Verify all pre-selected modules in the customer's wizard reached **Connected** status
* For Sentinel customers, allow 5 to 10 extra minutes after wizard completion for the Azure infrastructure to finish deploying

***

## Common Issues

| Issue                                                  | Likely cause                     | Solution                                                                                                                                                                                            |
| ------------------------------------------------------ | -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Consent popup doesn't appear                           | Pop-up blocker                   | Allow pop-ups for `portal.contraforce.com`                                                                                                                                                          |
| Consent fails with permissions error                   | Non-admin user                   | Forward the admin consent link to a Global Admin                                                                                                                                                    |
| **Sign In Failed** page                                | Consent skipped or stuck session | See troubleshooting in [Part 1](/guides/onboarding/platform-onboarding#troubleshooting-sign-in-failed) or [Part 2](/guides/onboarding/customer-workspace-onboarding#troubleshooting-sign-in-failed) |
| No incidents appearing                                 | No active incidents in source    | Check Defender/Sentinel/CrowdStrike console                                                                                                                                                         |
| Customer workspace stuck in **Pending customer setup** | Customer hasn't completed wizard | Resend the invite or contact the POC                                                                                                                                                                |

***

## Next Steps After Onboarding

<CardGroup cols={2}>
  <Card title="Incident Management" icon="shield-halved" href="/guides/getting-started/incident-management">
    Learn how to triage and respond to incidents
  </Card>

  <Card title="What Are Gamebooks?" icon="bolt" href="/guides/getting-started/what-are-gamebooks">
    Automated response workflows
  </Card>

  <Card title="Command Dashboard" icon="chart-line" href="/guides/getting-started/command-dashboard">
    Monitor security posture across workspaces
  </Card>

  <Card title="Multi-Tenant Features" icon="buildings" href="/guides/getting-started/multi-tenant-features">
    Manage multiple customers efficiently
  </Card>
</CardGroup>

***

<Note>
  Questions about onboarding? Contact us at [support@contraforce.com](mailto:support@contraforce.com).
</Note>