Connecting an Entra ID Tenant with the Zscaler ITDR Admin Portal

You can connect an Entra ID tenant with the Zscaler ITDR Admin Portal to run posture scans and monitor change detections. Establishing a connection with Entra ID and running scans requires deployment of additional resources on the Azure cloud. Zscaler ITDR relies on a deployment script to create these resources.

Prerequisites

Before connecting an Entra ID tenant with the ITDR Admin Portal, ensure that you have:

  • An Entra ID account with a Global Administrator role.
  • Obtained Entra ID's Tenant Name, Subscription ID, and Region.
  • Obtained the PowerShell command needed to run the deployment script, using either the automated download method or the manual download method.

Connecting an Entra ID Tenant with the ITDR Admin Portal

Follow these steps to connect an Entra ID tenant with the ITDR Admin Portal:

  • To add an Entra ID tenant to the ITDR Admin Portal:

    1. Go to ITDR > Manage > Entra ID.
    2. Click Add Tenant.

      The Tenant Details window appears.

    3. In the Tenant Details window:

      • Tenant Name: Enter the name of the Entra ID tenant obtained from the Azure Portal.
      • Subscription ID: Enter the subscription ID of the Entra ID tenant obtained from the Azure Portal.
      • Region: Select the region to which the Entra ID tenant belongs from the drop-down menu.
      • Scan Frequency: Select a preferred frequency at which the posture scans must run for the Entra ID tenant.
      • Scan Time: Select a time of the day when the posture scan must start.
      • Scan Timeout: Enter a time value (in minutes) for the posture scan to time out.

    4. Click Save.
  • To deploy scanning resources in the Azure Portal:

    1. Sign in to the Azure Portal as a Global Administrator.
    2. Launch Cloud Shell by clicking the Cloud Shell icon on the top navigation bar.

      The Cloud Shell window appears.

    3. In the Cloud Shell window:

      1. Set your shell environment to PowerShell.
      2. Run the deployment script using the command obtained via the automated download method or manual download method.
      3. Enter the option to deploy resources and press Enter.

      Zscaler recommends adding remediation action permissions during the initial deployment. If you do not want to perform remediations, you can skip this step.

    4. Go to App Registrations > All Applications, and locate and click the name of the application that is deployed for ITDR.

    5. On the application page, go to Manage > API permissions.

    6. Click Grant admin consent for <ITDR application name>.

    7. In the Grant admin consent confirmation window, click Yes.

      The required API permissions are granted for ITDR.

      Due to enhancements and updates, the permissions required for connecting an Entra ID tenant might change. In such scenarios, you must run the deployment script again with the following additional options appended to the command:

      Update-AppRegistrationPermissions -Id <ITDRAppID>

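After admin consent has been granted (and again after any re-run of the deployment script with Update-AppRegistrationPermissions), it is worth confirming which permissions the ITDR app registration actually holds in the tenant. The following PowerShell is an added example, not Zscaler's deployment script; it assumes the Microsoft.Graph PowerShell module is installed and that $AppDisplayName is replaced with the ITDR application name shown under App Registrations.

```powershell
# Added example (not part of the Zscaler deployment script): list the permissions
# granted to the ITDR app registration so the consented set can be reviewed.
# Assumes the Microsoft.Graph module; $AppDisplayName below is a placeholder.
param(
    [string]$AppDisplayName = "<ITDR application name>"   # placeholder, replace
)

Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All" -NoWelcome

# Service principal that represents the ITDR app registration in this tenant
$itdrSp = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (-not $itdrSp) { throw "No service principal named '$AppDisplayName' found." }

# Application (app-only) permissions: app role assignments created by admin consent
$assignments = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $itdrSp.Id
$report = foreach ($a in $assignments) {
    # Resolve the resource API (e.g. Microsoft Graph) and map the role ID to its name
    $resource = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
    $role = $resource.AppRoles | Where-Object { $_.Id -eq $a.AppRoleId }
    [pscustomobject]@{
        Resource   = $resource.DisplayName
        Permission = $role.Value
        Granted    = $a.CreatedDateTime
    }
}
$report | Sort-Object Resource, Permission | Format-Table -AutoSize

# Delegated permissions consented tenant-wide (ConsentType AllPrincipals) for the app
Get-MgOauth2PermissionGrant -Filter "clientId eq '$($itdrSp.Id)'" |
    Where-Object { $_.ConsentType -eq 'AllPrincipals' } |
    Select-Object ResourceId, Scope | Format-Table -AutoSize
```

Compare the output with the permission set the deployment script added; anything not expected for posture scans or remediation should be investigated before the tenant goes into regular scanning.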