> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Microsoft Sentinel

> Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise — fast.

## Creating a Microsoft Sentinel connection

Create the connection by using one of the following methods:

* [OAuth](#using-oauth)
* [App Registration](#using-app-registration)

### Using OAuth

#### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens displaying icons of external service providers available.
2. Select the **Microsoft Sentinel** icon. A dialog box with name of the connection and connection methods appear.
3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
4. Click **Microsoft Sentinel** to authenticate using OAuth.
5. Sign in using your credentials.

<Info>
  Need admin approval? please refer to the [Need Admin
  Approval](/docs/integrations/microsoft-sentinel/admin-approval) guide.
</Info>

### Using App Registration

To create the connection you need:

* A Client ID
* A Client Secret
* A Tenant ID

### Obtaining the credentials

#### Creating the App

1. Log into the [Azure Portal](https://portal.azure.com/#home).

2. Go to the *Microsoft Entra ID* resource.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/azure_active_directory.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=57246fca73df6e9ce3f39594b5c944bf" alt="Azure Active Directory Resource" width="2760" height="1602" data-path="img/ActiveDirectory/azure_active_directory.png" />

3. In the left-hand menu, click **App registrations**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/app_registrations.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=aa4834712de9b57c079d56adb68abc7f" alt="App Registrations" width="495" height="853" data-path="img/ActiveDirectory/app_registrations.png" />

4. Create a new application registration or click on one of your existing applications.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/my_app1.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=bc11b1db3698cb119e105eaa7e699f6b" alt="My App" width="2628" height="1138" data-path="img/ActiveDirectory/my_app1.png" />

5. In the left-hand menu, click **API permissions**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/api_permissions.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=b0ed7c3e06ffd15e35fb078b7b3f0e78" alt="API Permissions" width="320" height="853" data-path="img/ActiveDirectory/api_permissions.png" />

6. Click **Add a permission** and select **Microsoft Graph**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/add_permission.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=036e402e171051eb562e528089ba7d9f" alt="Add Permission" width="1920" height="832" data-path="img/ActiveDirectory/add_permission.png" />

7. Choose **Application permissions** and mark the permissions you wish to add.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/application_permissions.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=96ae24085dfac2547b72a7abbc82eca4" alt="Application Permissions" width="1919" height="833" data-path="img/ActiveDirectory/application_permissions.png" />

To support all Blink actions, these are the required **application** permissions:

| Required Permissions                  |
| ------------------------------------- |
| SecurityActions.ReadWrite.All         |
| SecurityAlert.ReadWrite.All           |
| SecurityAnalyzedMessage.ReadWrite.All |
| SecurityEvents.ReadWrite.All          |
| SecurityIncident.ReadWrite.All        |

8. Click **Add permissions** to save the changes.

9. Click **Grant admin consent for `<your tenant>`** on the API permissions page. **Only admins can grant consent**.

   <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/grant_admin_consent.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=ae92df915ab2cd3ffb8d3241752e6e56" alt="Grant Admin Consent" width="1319" height="833" data-path="img/ActiveDirectory/grant_admin_consent.png" />

10. Confirm that the added permissions are now verified.

    <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/granted_azure.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=2d18748d4cede7a080065283e0f118a4" alt="Granted Admin Consent" width="2050" height="642" data-path="img/ActiveDirectory/granted_azure.png" />

11. Navigate to **Overview** and Copy your **client ID** and **tenant ID**.

    <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/client_tenant.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=7faa71341ef29fce86e62d436472e630" alt="Client ID & Tenant ID" width="3438" height="1266" data-path="img/ActiveDirectory/client_tenant.png" />

#### Assign role to App[​](#assign-role-to-app "Direct link to Assign role to App")

12. In Azure portal, search and click on **Microsoft Sentinel**.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_get.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=8fae9dee1f31d981fd35a690b640c5fb" alt="Client Secret" width="2934" height="1688" data-path="img/MicrosoftSentinel/sentinel_get.png" />

13. Select your account and click on **Resource Group**.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_resourcegroup.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=5a094066c59c4d34c4043da82614f429" alt="Client Secret" width="2876" height="1566" data-path="img/MicrosoftSentinel/sentinel_resourcegroup.png" />

14. Under the resource group, navigate to **Access control (IAM)**.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_IAM.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=4f1d75d2012e8dd9ba927e8b52a05c90" alt="Client Secret" width="3022" height="1566" data-path="img/MicrosoftSentinel/sentinel_IAM.png" />

15. Navigate to **Role Assignments** > Click **Add** > **Add role assignment**.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_addrole.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=9d27f9e2644f83f79a3284eed3f8833e" alt="Client Secret" width="2946" height="1568" data-path="img/MicrosoftSentinel/sentinel_addrole.png" />

16. Under the **Role** tab, search for sentinel roles and select the `Microsoft Sentinel Contributor` role.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_role.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=35877a45e34e5c268d0811033aeb06a7" alt="Client Secret" width="2930" height="1550" data-path="img/MicrosoftSentinel/sentinel_role.png" />

17. Navigate to the **Members** tab, under **Assign access to** select **User, group, or service principal**. Click **+ Select members** and on the right side menu, select your app.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_selectrole.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=13f9896c8040d7d3116c92ed5c2e0225" alt="Client Secret" width="2474" height="1300" data-path="img/MicrosoftSentinel/sentinel_selectrole.png" />

18. Under **Review + assign**, see your app and click on **Review + assign**.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_assigrole.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=9eeba241e225dbfbd9b7ec9d9bc8c7c9" alt="Client Secret" width="2980" height="1566" data-path="img/MicrosoftSentinel/sentinel_assigrole.png" />

19. Go back to **Access control (IAM)** and verify that your app has been assigned with the required role.

    <img src="https://mintcdn.com/blinkops-2/SvXOjNzLNjf-qU4G/img/MicrosoftSentinel/sentinel_result.png?fit=max&auto=format&n=SvXOjNzLNjf-qU4G&q=85&s=40ef6a313be2aff0a857f24a744e68be" alt="Client Secret" width="2994" height="1556" data-path="img/MicrosoftSentinel/sentinel_result.png" />

#### Create and copy a secret

19. Go back to your app's **Overview** page, create a new **client secret**.

    <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/secret.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=9d1dfac219ab431a28a8c0d5219b96f1" alt="Client Secret" width="3250" height="1252" data-path="img/ActiveDirectory/secret.png" />

20. Copy the **secret value**.

    <img src="https://mintcdn.com/blinkops-2/LiDiL34PEmIGHJGK/img/ActiveDirectory/secret_value.png?fit=max&auto=format&n=LiDiL34PEmIGHJGK&q=85&s=8c7709585443b3044f2c17e3e9493ed9" alt="Client Secret" width="2672" height="1312" data-path="img/ActiveDirectory/secret_value.png" />

#### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens displaying icons of external service providers available.

2. Select the **Microsoft Entra ID** icon. A dialog box with name of the connection and connection methods appear.

3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.

4. Select **App Registration** as the method to create the connection.

5. Fill in the parameters:

   * The client ID
   * The client secret
   * The tenant ID

6. (Optional) Click **Test Connection** to test it.

7. Click **Create connection**. The new connection appears on the **Connections** page.

8. Search and click on **Microsoft Sentinel**.

### Interactive Tutorial Guides[​](#interactive-tutorial-guides "Direct link to Interactive Tutorial Guides")

You can also refer to the following tutorial guides for a more in-depth understanding of how to create a Microsoft Sentinel connection.

[Creating a Microsoft Sentinel Connection](https://demo.arcade.software/NuXgB2Jwg3CGyxQ40wmL?embed\&show_copy_link=true)

[Creating a Microsoft Sentinel Connection in Blink Ops](https://demo.arcade.software/FYa87gGUQWLYKzrfbVar?embed\&show_copy_link=true)