Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
Note
Microsoft has renamed Azure AD to Microsoft Entra ID.
Prerequisite: A Premium Entra ID subscription (P1 or P2) is required for this Hypersync to work.
When you create a Hypersync between Hyperproof and Microsoft Entra ID, you can automatically collect proof. The Hypersync for Microsoft Entra ID supports collecting the following proof types:
Microsoft Entra ID proof types and fields
Proof type | Fields | Testable |
Assigned Licenses | Organization, Group, Product Name, License | Yes |
Conditional Access Policies | Name, State, Built-in Controls, Last Updated, Users Included, Users Excluded | Yes |
Group Membership List | Name, Type, E-mail Address | Yes |
List of Applications | Application Name, Application ID, Status, Owner | Yes |
List of Domains | Organization, Verified Domain, Domain ID, Authentication Type, Admin Managed, Verified | Yes |
List of Groups | Name, Object ID, Group Type, Membership Type, E-mail Address, Status, Permissions | Yes |
List of Role Assignments | Name, Type, Scope, Membership, Start Time, End Time | Yes |
List of Service Principals | Organization, Service Principal Type, Service Principal ID, Application ID, Service Principal Name, Type, Enabled, Roles, Permissions | Yes |
List of Subscriptions | Subscription ID, Owner ID, Date Created, Status (Enabled/Disabled), Total Licenses | Yes |
List of Users | Name, User Name, User Type, Directory Synced Password Policy, Password Last Changed, Department, Status, Job Title | Yes |
Password Protection | Banned Password Check On Premises Mode, Enable Banned Password Check, Enable Banned Password Check On Premises, Lockout Duration in Seconds, Lockout Threshold | Yes |
This Hypersync supports importing a user list for an access review. See Importing a list of application users with a Hypersync for more information.
This Hypersync supports importing a company directory for an access review. See Importing a directory with a Hypersync for more information.
Additional documentation
Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.
Additionally, you can create multiple Hypersyncs for a single control or label.
Permissions
The Microsoft Entra ID Hypersync uses the Microsoft Graph API to retrieve information about users and groups in a Microsoft Entra ID instance. Users of the Hypersync authorize access to their Microsoft Entra ID instance using the OAuth interactive authorization code flow as described in this article.
The Hypersync uses the Directory.AccessAsUser.All scope, which grants the Hypersync access to all the directory information accessible by the authorizing user.
The Hypersync uses the Application.Read.All scope, which grants the Hypersync access to all the application information accessible by the authorizing user.
It also uses the AuditLog.Read.All scope, which grants the Hypersync read access to all audit log data accessible by the authorizing user.
Use the main Microsoft.Resources reader attribute to add the required reader permissions to the service account.
The Microsoft Entra ID Hypersync currently only retrieves user and group information from Microsoft Entra ID. One of the APIs used by the Microsoft Entra ID Hypersync can be found in this article.
Granting tenant-wide access
If your organization has Admin consent requests turned off, Hyperproof users cannot request access to the Microsoft Entra ID Hypersync. A Microsoft Entra admin must turn on this option so users can send requests. The admin can designate one or more reviewers to approve the requests.
Note
This only applies to organizations that have the Admin consent requests option turned off.
Log in to the Microsoft Entra ID portal.
Search for Enterprise Applications.
Select the Consent and permissions tab.
From the left menu, click Admin consent settings.
Below Admin consent requests, click Yes.
Add at least one user as a reviewer of these requests.
Optionally, click Yes if you want the reviewer to receive email notifications for requests.
Optionally, click Yes if you want the reviewer to receive request expiration reminders.
Click Save.
Users can now send requests to the reviewer(s).
The reviewer(s) can follow the steps below whenever they receive a request.
Log in to the Microsoft Entra ID portal.
Search for Enterprise Applications.
From the left menu, click Admin consent requests.
From the My Pending tab, click the Microsoft Entra Proof Collector link.
Review the request to ensure it has been requested by an account you recognize.
From the Review permissions and consent tab, you'll be prompted to log in to Hyperproof.
Review the permissions, and then click Accept.
All users in the Microsoft Entra ID tenant can now use the Microsoft Entra ID Hypersync.
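After consent is granted, a reviewer can confirm that the app holds only the three delegated scopes listed under Permissions and see whether each grant is tenant-wide or per-user. The following is an added example, not Hyperproof's or Microsoft's code: it audits a constructed sample shaped like Microsoft Graph oauth2PermissionGrant records (clientId, consentType, principalId, scope); the IDs and the audit_grants helper are hypothetical.

```python
import json

# Delegated scopes the page says the Hypersync requests.
EXPECTED_SCOPES = {
    "Directory.AccessAsUser.All",
    "Application.Read.All",
    "AuditLog.Read.All",
}

# Constructed sample of a Microsoft Graph oauth2PermissionGrants listing.
# All IDs are placeholders, not real tenant values.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-hypersync-placeholder",
   "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-msgraph-placeholder",
   "scope": "Directory.AccessAsUser.All Application.Read.All AuditLog.Read.All"},
  {"id": "grant-2", "clientId": "sp-hypersync-placeholder",
   "consentType": "Principal", "principalId": "user-placeholder",
   "resourceId": "sp-msgraph-placeholder",
   "scope": " Application.Read.All  Mail.Read "}
]}
""")


def audit_grants(grants, client_id, expected=EXPECTED_SCOPES):
    """Return one finding per delegated grant held by client_id."""
    findings = []
    for g in grants.get("value", []):
        if g.get("clientId") != client_id:
            continue
        # 'scope' is a space-separated string; tolerate extra whitespace.
        granted = set((g.get("scope") or "").split())
        findings.append({
            "grant_id": g.get("id"),
            # AllPrincipals means admin consent on behalf of every user.
            "tenant_wide": g.get("consentType") == "AllPrincipals",
            "principal": g.get("principalId"),
            "unexpected": sorted(granted - expected),
            "missing": sorted(expected - granted),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, "sp-hypersync-placeholder"):
        print(finding)
```

A non-empty "unexpected" list means the grant carries a scope beyond those documented here, and "tenant_wide" marks grants that apply to every user in the tenant.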