How can we help?

Search

Microsoft Defender for Cloud Apps Integration

Netanel Hugi
Netanel Hugi
  • Updated
Torii SMP
Torii Identity

Overview

Torii integrates with Microsoft Defender for Cloud Apps and syncs data for cloud apps discovered users.

  • Torii supports syncing multiple Microsoft Defender for Cloud Apps accounts.
  • You can constantly stay updated with application information from our Integrations Page
    >> Integration Capabilities button >> Integration Capabilities table.

Requirements

Accounts & Permissions

  • To connect this integration, we require the following:
    • Tenant ID
    • Client ID
    • Client Secret

How to Generate the Required Values

  1. Go to App registrations in Microsoft Entra Admin Center > Click New registration
    Screenshot 2025-09-08 at 17.26.23.png
  2. In the Register an application form:
    • Name the app Torii
    • Under Supported account types, select:
      Accounts in this organizational directory only (Single tenant)
    • Under Redirect URI, select Web and enter:
      https://api.toriihq.com/api/auth/microsoftDefenderForCloudApps/callback
    • Click Register
      Screenshot 2025-09-08 at 17.26.43.png
  3. Go to API permissions > Click Add a permission:
    Screenshot 2025-09-08 at 17.28.07 (1).png
    • Choose Microsoft APIs > Microsoft Graph
      Screenshot 2025-09-08 at 17.28.17.png 
    • Choose Application permissions > Select CloudApp-Discovery.Read.All > Click Add permissions

      Screenshot 2025-09-08 at 17.28.23.pngScreenshot 2025-09-08 at 17.29.36.png
    • Click Add a permission again
    • Choose APIs my organization uses, search for Microsoft Cloud App Security > Application permissions > Select investigation.read > Click Add permissions

      Screenshot 2025-09-08 at 17.30.30.png
  4. Click Grant admin consent and confirm.
    Screenshot 2025-09-08 at 17.30.42.png
  5. Go to Certificates & secrets > Click New client secret

    Screenshot 2025-09-10 at 15.46.22.png
    • Enter a description and expiration
    • Click Add

      Screenshot 2025-09-10 at 15.46.31.png
    • Copy the Value (not the Secret ID) – this is your Client Secret
  6. From the Overview page, copy the Client ID and Tenant ID

How to Connect the Integration

  1. Go to the Integrations page in Torii
  2. Select the Microsoft Defender for Cloud Apps tile
    Screenshot 2025-09-08 at 17.34.43.png
  3. Click Connect
  4. Enter the following credentials:
    • Tenant ID
    • Client ID

    • Client Secret

      Screenshot 2025-09-08 at 17.35.38.png

  5. Click Connect to finalize the integration.
    In the new consent screen, press Consent on behalf of your organization to proceed.
  6. Once the integration is connected and synced, a green checkbox will appear
    Screenshot 2025-09-08 at 17.40.48.png

Known Limitations

  • This integration relies on uploaded streams that have been modified in the last 90 days only
  • The logs within uploaded streams are from the last 90 days only
  • Torii does not process uploaded streams that anonymize user data

Q&A

Q: What happens if the client secret expires?

A: You will need to provide a new client secret and reconnect the integration.



 

For any further questions, please contact Torii Support.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request