What You'll Need
- Global Administrator or Application Administrator role in Microsoft Entra ID
- A Microsoft 365 E5, E5 Security, or Defender for Endpoint P1/P2 license
- ~5 minutes to complete setup
- Your Clariti account with adapter management permissions
Get Your Credentials
If you have already set up the Microsoft Entra ID adapter, you can reuse the same app registration — just add the additional API permissions listed below and re-grant admin consent. See the Microsoft Entra ID guide for the full app registration walkthrough.
In the Azure portal, go to App registrations and select your Clariti app (or create a new one). Under API permissions > Add a permission > Microsoft Graph, add the following Application permissions:
Machine.Read.AllSecurityAlert.Read.AllVulnerability.Read.All
Click Grant admin consent for your tenant. Then go to Certificates & secrets, create a new client secret, and copy its value. You will also need the Application (client) ID from the Overview page and the Directory (tenant) ID.
Enter Credentials in Clariti
| Value from vendor console | Paste into Clariti field |
|---|---|
Directory (tenant) ID | Tenant / Directory ID |
Application (client) ID | Client ID |
Client secret value | Client Secret |
Verify Connection
Click Test Connection in Clariti. A successful connection returns a green checkmark. The first data sync typically completes within a few minutes.
Troubleshooting
- 401 Unauthorized — The client secret may have expired. Generate a new secret in Azure and update it in Clariti.
- 403 Forbidden — Verify that admin consent was granted for all three permissions. Check in Enterprise applications > Clariti > Permissions.
- Timeout — Large tenants with many machines may take longer for the initial sync. Clariti retries automatically.