Merge pull request #1463 from SEKOIA-IO/azure_ad_change_name

Update references to "Azure AD" to "Microsoft

_shared_content/automate/actions.md

@@ -95,7 +95,7 @@ These helpers need their associated trigger to function properly:
 
 ## Third-party applications
 
-- [Azure AD](library/azure-active-directory.md)
+- [Microsoft Entra ID (Azure AD) ](library/entra-id.md)
 - [Fortigate Firewalls](library/fortigate-firewalls.md)
 - [HarfangLab](library/harfanglab.md)
 - [Panda Security](library/panda-security.md)

_shared_content/automate/library/azure-active-directory.md → _shared_content/automate/library/intra_id.md

@@ -1,14 +1,14 @@
-# Azure Active Directory
+# Microsoft Entra ID (Azure AD) 
 
-![Azure Active Directory](/assets/playbooks/library/azure-active-directory.svg){ align=right width=150 }
+![Microsoft Entra ID (Azure AD) ](/assets/playbooks/library/entra-id.svg){ align=right width=150 }
 
-[Azure Active Directory (Azure AD)](https://azure.microsoft.com/en-us/services/active-directory/#overview) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
+[Microsoft Entra ID (Azure AD)](https://azure.microsoft.com/en-us/services/active-directory/#overview) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
 
 ## Configuration
 
 | Name      |  Type   |  Description  |
 | --------- | ------- | --------------------------- |
-| `tenant_id` | `string` | ID of the Azure AD tenant |
+| `tenant_id` | `string` | ID of the Microsoft Entra ID (Azure AD)  tenant |
 | `client_id` | `string` | Client ID. An application needs to be created in the Azure Portal and assigned relevent permissions. Its Client ID should then be used in this configuration. |
 | `client_secret` | `string` | Client Secret associated with the registered application. Admin Consent has to be granted to the application for it to work. |
 | `username` | `string` | The username of the delegated account used for some administrative tasks (eg: reset password) |
@@ -18,7 +18,7 @@
 
 ### Delete app
 
-Delete an app in azure AD. Requires the Application.ReadWrite.OwnedBy or Application.ReadWrite.All.
+Delete an app in Microsoft Entra ID (Azure AD) . Requires the Application.ReadWrite.OwnedBy or Application.ReadWrite.All.
 
 **Arguments**
 
@@ -28,7 +28,7 @@ Delete an app in azure AD. Requires the Application.ReadWrite.OwnedBy or Applica
 
 ### Disable User
 
-Disable an Azure Active Directory user. Requires the User.ReadWrite.All permission.
+Disable an Microsoft Entra ID (Azure AD)  user. Requires the User.ReadWrite.All permission.
 
 **Arguments**
 
@@ -39,7 +39,7 @@ Disable an Azure Active Directory user. Requires the User.ReadWrite.All permissi
 
 ### Enable User
 
-Enable an Azure Active Directory user. Requires the User.ReadWrite.All permission.
+Enable an Microsoft Entra ID (Azure AD)  user. Requires the User.ReadWrite.All permission.
 
 **Arguments**
 
@@ -50,7 +50,7 @@ Enable an Azure Active Directory user. Requires the User.ReadWrite.All permissio
 
 ### Get SignIns
 
-Get the last sign ins of an Azure AD user. Requires the AuditLog.Read.All and Directory.Read.All permissions.
+Get the last sign ins of an Microsoft Entra ID (Azure AD)  user. Requires the AuditLog.Read.All and Directory.Read.All permissions.
 
 **Arguments**
 
@@ -67,7 +67,7 @@ Get the last sign ins of an Azure AD user. Requires the AuditLog.Read.All and Di
 
 ### Get User
 
-Get information about an Azure Active Directory user. Requires the User.Read.All permission.
+Get information about an Microsoft Entra ID (Azure AD)  user. Requires the User.Read.All permission.
 
 **Arguments**
 
@@ -129,7 +129,7 @@ Get information about an user's authentication methods (such as their MFA status
 
 ### Reset User Password
 
-Reset a user's password. You will need UserAuthenticationMethod.ReadWrite.All deleguated permission. And to disable the MFA authentication in your azure AD
+Reset a user's password. You will need UserAuthenticationMethod.ReadWrite.All deleguated permission. And to disable the MFA authentication in your Microsoft Entra ID (Azure AD) 
 
 **Arguments**
 
@@ -153,4 +153,4 @@ Invalidates all the refresh tokens issued to applications for a user. Requires t
 
 ## Extra
 
-Module **`Azure Active Directory` v2.5.4**
+Module **`Microsoft Entra ID (Azure AD) ` v2.5.4**

docs/getting_started/sso/azure.md

@@ -1,14 +1,14 @@
-# Configure Single Sign-on with Azure Active Directory
+# Configure Single Sign-on with Microsoft Entra ID (Azure AD) 
 
 In order to configure Azure with Sekoia.io, the following steps must be done:
 
 1. Create a new application on Azure
 2. Connect to Sekoia.io, add a new domain that belongs to your community and wait for its validation
 3. Configure OpenID Connect in Sekoia.io (see associated documentation [Single Sign-On With OpenID Connect](../SSO_openid_connect.md))
 
-## Create an Azure Active Directory app registration
+## Create an Microsoft Entra ID (Azure AD)  app registration
 
-1. Visit "Azure Active Directory" > "Manage" > [App Registrations](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)
+1. Visit "Microsoft Entra ID (Azure AD) " > "Manage" > [App Registrations](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)
 2. Use the "+ New registration" button to start the creation
 3. Choose a name and input the redirect URI: https://app.sekoia.io/user/callback
 4. Click on "Register"
@@ -21,9 +21,9 @@ In order to configure Azure with Sekoia.io, the following steps must be done:
 
 ## Restrict access for Sekoia.io to specific users
 
-Azure Active Directory can be configured to prevent some users from accessing Sekoia.io.
+Microsoft Entra ID (Azure AD)  can be configured to prevent some users from accessing Sekoia.io.
 
-1. In "Azure Active Directory" > "Enterprise applications": select your application
+1. In "Microsoft Entra ID (Azure AD) " > "Enterprise applications": select your application
 2. In the "Application | Overview" > "Getting Started" > "1. Assign users and groups"
 
 You are ready to input your configuration to Sekoia.io

docs/xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md → docs/xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md

@@ -1,36 +1,36 @@
 uuid: 19cd2ed6-f90c-47f7-a46b-974354a107bb
-name: Azure Active Directory
+name: Microsoft Entra ID (Azure AD) 
 type: intake
 
 ## Overview
 
-**Azure Active Directory** is a cloud-based Identity and Rights management service. The service is developed and managed by Microsoft Corp.
+**Microsoft Entra ID (Azure AD) ** is a cloud-based Identity and Rights management service. The service is developed and managed by Microsoft Corp.
 
 {!_shared_content/operations_center/detection/generated/suggested_rules_19cd2ed6-f90c-47f7-a46b-974354a107bb_do_not_edit_manually.md!}
 
 {!_shared_content/operations_center/integrations/generated/19cd2ed6-f90c-47f7-a46b-974354a107bb.md!}
 
 ## Configure
 
-To forward **Azure Active Directory** events from Azure to Sekoia.io you need to send your event to an Azure **Event Hub** where Sekoia.io will collect the events.
+To forward **Microsoft Entra ID (Azure AD) ** events from Azure to Sekoia.io you need to send your event to an Azure **Event Hub** where Sekoia.io will collect the events.
 <div style="text-align: center;">
     <img width="100%" alt="image" src="/assets/operation_center/integration_catalog/cloud_and_saas/event_hub/consume_azure_logs.png">
 </div>
 
 ### Prerequisite
 
-You must have Contributor write on Azure to perfom the following installation.
+You must have Contributor write on Azure to perform the following installation.
 
 {!_shared_content/operations_center/integrations/event_hub.md!}
 
-### Send logs from Azure Active Directory to Azure Event Hub
+### Send logs from Microsoft Entra ID (Azure AD)  to Azure Event Hub
 
-When you have an **Event Hub** follow this guide to send your **Azure Active Directory** events from Azure to the **Event Hub**:
+When you have an **Event Hub** follow this guide to send your **Microsoft Entra ID (Azure AD) ** events from Azure to the **Event Hub**:
 
-You need to activate and configure the **Azure Active Directory** diagnostic settings (e.g. `company-ad`), 
-to receive logs from the **Azure Active Directory** into your **Event Hub**.
+You need to activate and configure the **Microsoft Entra ID (Azure AD) ** diagnostic settings (e.g. `company-ad`), 
+to receive logs from the **Microsoft Entra ID (Azure AD) ** into your **Event Hub**.
 
-Navigate to [Home > Azure Active Directory (e.g. `company-ad`) > Monitoring > Diagnostic settings](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings):
+Navigate to [Home > Microsoft Entra ID (Azure AD)  (e.g. `company-ad`) > Monitoring > Diagnostic settings](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings):
 
 1. Add a new diagnostic setting, and select “Stream to an event hub” and click on configure.
 2. Select the previously created “Event hubs”, “Event Hub” and “SharedAccessKey” (**see step 3 of the event hub guide**).
@@ -46,6 +46,6 @@ Navigate to [Home > Azure Active Directory (e.g. `company-ad`) > Monitoring > Di
 
 ### Create the intake
 
-Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Azure Active Directory`.
+Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Microsoft Entra ID (Azure AD) `.
 
 {!_shared_content/operations_center/integrations/configure_consume_event_hub.md!}

docs/xdr/features/collect/integrations/cloud_and_saas/office365/message_trace.md

@@ -22,7 +22,7 @@ In Sekoia.io XDR, [create a new intake key](xdr/features/collect/intakes/#create
 
 ## Configure OAuth
 
-Collect your Tenant ID from your [Azure Portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/TenantPropertiesBlade) (for more information read ([How to find your Azure Active Directory tenant ID](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant)).
+Collect your Tenant ID from your [Azure Portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/TenantPropertiesBlade) (for more information read ([How to find your Microsoft Entra ID (Azure AD)  tenant ID](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant)).
 
 Add application:
 
@@ -51,7 +51,7 @@ Add required permission:
 
 Add required role:
 
-1. From the `Azure Active Directory` page
+1. From the `Microsoft Entra ID (Azure AD) ` page
 2. Open `Roles and administrators`
 3. Search and open `Global Reader`
 4. Use the `+ Add assignments` to add this role to your application

docs/xdr/features/collect/integrations/cloud_and_saas/office365/o365.md

@@ -13,7 +13,7 @@ Office 365 is a line of subscription services offered by Microsoft as part of th
 
 Sekoia.io can pull four categories of logs from Microsoft Office 365 Management API:
 
-- Azure Active Directory audit events (`Audit.AzureActiveDirectory`)
+- Microsoft Entra ID (Azure AD)  audit events (`Audit.AzureActiveDirectory`)
 - Microsoft Exchange audit events (`Audit.Exchange`)
 - Microsoft SharePoint audit events (`Audit.SharePoint`)
 - General audit events not included in the other log categories (`Audit.General`)

docs/xdr/features/detect/built_in_detection_rules_eventids.md

@@ -404,7 +404,7 @@ The colors of the EventIDs in this page should be interpreted as follow:
 | Smbexec.py Service Installation | elementary | <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>6</a></span>, <span style="color:#B60016"><a href='https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4697' style='color: inherit;'>4697</a></span>, <span style="color:#B60016">7045</span> | Service Control Manager |
 | SysKey Registry Keys Access | elementary | <span style="color:#B60016"><a href='https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4656' style='color: inherit;'>4656</a></span>, <span style="color:#B60016"><a href='https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4663' style='color: inherit;'>4663</a></span> | Microsoft-Windows-Security-Auditing |
 | Credential Dumping By LaZagne | elementary | <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>10</a></span> | Microsoft-Windows-Sysmon |
-| Microsoft Entra ID (Azure AD) Domain Trust Modification | elementary | <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>8</a></span> |  |
+| Microsoft Entra ID (Microsoft Entra ID (Azure AD) ) Domain Trust Modification | elementary | <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>8</a></span> |  |
 | Suspicious HWP Child Process | elementary | <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>1</a></span> | Microsoft-Windows-Sysmon |
 | Dumpert LSASS Process Dumper | elementary | <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>7</a></span>, <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>11</a></span> | Microsoft-Windows-Sysmon |
 | Microsoft Defender Antivirus Disabled Base64 Encoded | elementary | <span style="color:#5865d3"><a href='https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events' style='color: inherit;'>1</a></span> | Microsoft-Windows-Sysmon |