diff --git a/_shared_content/automate/actions.md b/_shared_content/automate/actions.md
index 9790402945..0cb3775fe6 100644
--- a/_shared_content/automate/actions.md
+++ b/_shared_content/automate/actions.md
@@ -95,7 +95,7 @@ These helpers need their associated trigger to function properly:
## Third-party applications
-- [Azure AD](library/azure-active-directory.md)
+- [Microsoft Entra ID (Azure AD) ](library/entra-id.md)
- [Fortigate Firewalls](library/fortigate-firewalls.md)
- [HarfangLab](library/harfanglab.md)
- [Panda Security](library/panda-security.md)
diff --git a/_shared_content/automate/library/azure-active-directory.md b/_shared_content/automate/library/intra_id.md
similarity index 81%
rename from _shared_content/automate/library/azure-active-directory.md
rename to _shared_content/automate/library/intra_id.md
index 7411959134..af9d40b21a 100644
--- a/_shared_content/automate/library/azure-active-directory.md
+++ b/_shared_content/automate/library/intra_id.md
@@ -1,14 +1,14 @@
-# Azure Active Directory
+# Microsoft Entra ID (Azure AD)
-{ align=right width=150 }
+{ align=right width=150 }
-[Azure Active Directory (Azure AD)](https://azure.microsoft.com/en-us/services/active-directory/#overview) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
+[Microsoft Entra ID (Azure AD)](https://azure.microsoft.com/en-us/services/active-directory/#overview) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
## Configuration
| Name | Type | Description |
| --------- | ------- | --------------------------- |
-| `tenant_id` | `string` | ID of the Azure AD tenant |
+| `tenant_id` | `string` | ID of the Microsoft Entra ID (Azure AD) tenant |
| `client_id` | `string` | Client ID. An application needs to be created in the Azure Portal and assigned relevent permissions. Its Client ID should then be used in this configuration. |
| `client_secret` | `string` | Client Secret associated with the registered application. Admin Consent has to be granted to the application for it to work. |
| `username` | `string` | The username of the delegated account used for some administrative tasks (eg: reset password) |
@@ -18,7 +18,7 @@
### Delete app
-Delete an app in azure AD. Requires the Application.ReadWrite.OwnedBy or Application.ReadWrite.All.
+Delete an app in Microsoft Entra ID (Azure AD) . Requires the Application.ReadWrite.OwnedBy or Application.ReadWrite.All.
**Arguments**
@@ -28,7 +28,7 @@ Delete an app in azure AD. Requires the Application.ReadWrite.OwnedBy or Applica
### Disable User
-Disable an Azure Active Directory user. Requires the User.ReadWrite.All permission.
+Disable an Microsoft Entra ID (Azure AD) user. Requires the User.ReadWrite.All permission.
**Arguments**
@@ -39,7 +39,7 @@ Disable an Azure Active Directory user. Requires the User.ReadWrite.All permissi
### Enable User
-Enable an Azure Active Directory user. Requires the User.ReadWrite.All permission.
+Enable an Microsoft Entra ID (Azure AD) user. Requires the User.ReadWrite.All permission.
**Arguments**
@@ -50,7 +50,7 @@ Enable an Azure Active Directory user. Requires the User.ReadWrite.All permissio
### Get SignIns
-Get the last sign ins of an Azure AD user. Requires the AuditLog.Read.All and Directory.Read.All permissions.
+Get the last sign ins of an Microsoft Entra ID (Azure AD) user. Requires the AuditLog.Read.All and Directory.Read.All permissions.
**Arguments**
@@ -67,7 +67,7 @@ Get the last sign ins of an Azure AD user. Requires the AuditLog.Read.All and Di
### Get User
-Get information about an Azure Active Directory user. Requires the User.Read.All permission.
+Get information about an Microsoft Entra ID (Azure AD) user. Requires the User.Read.All permission.
**Arguments**
@@ -129,7 +129,7 @@ Get information about an user's authentication methods (such as their MFA status
### Reset User Password
-Reset a user's password. You will need UserAuthenticationMethod.ReadWrite.All deleguated permission. And to disable the MFA authentication in your azure AD
+Reset a user's password. You will need UserAuthenticationMethod.ReadWrite.All deleguated permission. And to disable the MFA authentication in your Microsoft Entra ID (Azure AD)
**Arguments**
@@ -153,4 +153,4 @@ Invalidates all the refresh tokens issued to applications for a user. Requires t
## Extra
-Module **`Azure Active Directory` v2.5.4**
\ No newline at end of file
+Module **`Microsoft Entra ID (Azure AD) ` v2.5.4**
\ No newline at end of file
diff --git a/docs/assets/playbooks/library/azure-active-directory.svg b/docs/assets/playbooks/library/azure-active-directory.svg
deleted file mode 100644
index e7b0fc5abd..0000000000
--- a/docs/assets/playbooks/library/azure-active-directory.svg
+++ /dev/null
@@ -1,12 +0,0 @@
-
diff --git a/docs/assets/playbooks/library/entra-id.svg b/docs/assets/playbooks/library/entra-id.svg
new file mode 100644
index 0000000000..b30fbb804e
--- /dev/null
+++ b/docs/assets/playbooks/library/entra-id.svg
@@ -0,0 +1,9 @@
+
+
\ No newline at end of file
diff --git a/docs/getting_started/sso/azure.md b/docs/getting_started/sso/azure.md
index 5c8041ef33..3b680f7a7a 100644
--- a/docs/getting_started/sso/azure.md
+++ b/docs/getting_started/sso/azure.md
@@ -1,4 +1,4 @@
-# Configure Single Sign-on with Azure Active Directory
+# Configure Single Sign-on with Microsoft Entra ID (Azure AD)
In order to configure Azure with Sekoia.io, the following steps must be done:
@@ -6,9 +6,9 @@ In order to configure Azure with Sekoia.io, the following steps must be done:
2. Connect to Sekoia.io, add a new domain that belongs to your community and wait for its validation
3. Configure OpenID Connect in Sekoia.io (see associated documentation [Single Sign-On With OpenID Connect](../SSO_openid_connect.md))
-## Create an Azure Active Directory app registration
+## Create an Microsoft Entra ID (Azure AD) app registration
-1. Visit "Azure Active Directory" > "Manage" > [App Registrations](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)
+1. Visit "Microsoft Entra ID (Azure AD) " > "Manage" > [App Registrations](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)
2. Use the "+ New registration" button to start the creation
3. Choose a name and input the redirect URI: https://app.sekoia.io/user/callback
4. Click on "Register"
@@ -21,9 +21,9 @@ In order to configure Azure with Sekoia.io, the following steps must be done:
## Restrict access for Sekoia.io to specific users
-Azure Active Directory can be configured to prevent some users from accessing Sekoia.io.
+Microsoft Entra ID (Azure AD) can be configured to prevent some users from accessing Sekoia.io.
-1. In "Azure Active Directory" > "Enterprise applications": select your application
+1. In "Microsoft Entra ID (Azure AD) " > "Enterprise applications": select your application
2. In the "Application | Overview" > "Getting Started" > "1. Assign users and groups"
You are ready to input your configuration to Sekoia.io
\ No newline at end of file
diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md b/docs/xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md
similarity index 59%
rename from docs/xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md
rename to docs/xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md
index fe9b7a9e0e..78e05f57a0 100644
--- a/docs/xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md
+++ b/docs/xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md
@@ -1,10 +1,10 @@
uuid: 19cd2ed6-f90c-47f7-a46b-974354a107bb
-name: Azure Active Directory
+name: Microsoft Entra ID (Azure AD)
type: intake
## Overview
-**Azure Active Directory** is a cloud-based Identity and Rights management service. The service is developed and managed by Microsoft Corp.
+**Microsoft Entra ID (Azure AD) ** is a cloud-based Identity and Rights management service. The service is developed and managed by Microsoft Corp.
{!_shared_content/operations_center/detection/generated/suggested_rules_19cd2ed6-f90c-47f7-a46b-974354a107bb_do_not_edit_manually.md!}
@@ -12,25 +12,25 @@ type: intake
## Configure
-To forward **Azure Active Directory** events from Azure to Sekoia.io you need to send your event to an Azure **Event Hub** where Sekoia.io will collect the events.
+To forward **Microsoft Entra ID (Azure AD) ** events from Azure to Sekoia.io you need to send your event to an Azure **Event Hub** where Sekoia.io will collect the events.
### Prerequisite
-You must have Contributor write on Azure to perfom the following installation.
+You must have Contributor write on Azure to perform the following installation.
{!_shared_content/operations_center/integrations/event_hub.md!}
-### Send logs from Azure Active Directory to Azure Event Hub
+### Send logs from Microsoft Entra ID (Azure AD) to Azure Event Hub
-When you have an **Event Hub** follow this guide to send your **Azure Active Directory** events from Azure to the **Event Hub**:
+When you have an **Event Hub** follow this guide to send your **Microsoft Entra ID (Azure AD) ** events from Azure to the **Event Hub**:
-You need to activate and configure the **Azure Active Directory** diagnostic settings (e.g. `company-ad`),
-to receive logs from the **Azure Active Directory** into your **Event Hub**.
+You need to activate and configure the **Microsoft Entra ID (Azure AD) ** diagnostic settings (e.g. `company-ad`),
+to receive logs from the **Microsoft Entra ID (Azure AD) ** into your **Event Hub**.
-Navigate to [Home > Azure Active Directory (e.g. `company-ad`) > Monitoring > Diagnostic settings](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings):
+Navigate to [Home > Microsoft Entra ID (Azure AD) (e.g. `company-ad`) > Monitoring > Diagnostic settings](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/DiagnosticSettings):
1. Add a new diagnostic setting, and select “Stream to an event hub” and click on configure.
2. Select the previously created “Event hubs”, “Event Hub” and “SharedAccessKey” (**see step 3 of the event hub guide**).
@@ -46,6 +46,6 @@ Navigate to [Home > Azure Active Directory (e.g. `company-ad`) > Monitoring > Di
### Create the intake
-Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Azure Active Directory`.
+Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Microsoft Entra ID (Azure AD) `.
{!_shared_content/operations_center/integrations/configure_consume_event_hub.md!}
diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/office365/message_trace.md b/docs/xdr/features/collect/integrations/cloud_and_saas/office365/message_trace.md
index 6b02e37b4e..2a7bc033f6 100644
--- a/docs/xdr/features/collect/integrations/cloud_and_saas/office365/message_trace.md
+++ b/docs/xdr/features/collect/integrations/cloud_and_saas/office365/message_trace.md
@@ -22,7 +22,7 @@ In Sekoia.io XDR, [create a new intake key](xdr/features/collect/intakes/#create
## Configure OAuth
-Collect your Tenant ID from your [Azure Portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/TenantPropertiesBlade) (for more information read ([How to find your Azure Active Directory tenant ID](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant)).
+Collect your Tenant ID from your [Azure Portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/TenantPropertiesBlade) (for more information read ([How to find your Microsoft Entra ID (Azure AD) tenant ID](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant)).
Add application:
@@ -51,7 +51,7 @@ Add required permission:
Add required role:
-1. From the `Azure Active Directory` page
+1. From the `Microsoft Entra ID (Azure AD) ` page
2. Open `Roles and administrators`
3. Search and open `Global Reader`
4. Use the `+ Add assignments` to add this role to your application
diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/office365/o365.md b/docs/xdr/features/collect/integrations/cloud_and_saas/office365/o365.md
index 01c16a81ac..e3eda68be0 100644
--- a/docs/xdr/features/collect/integrations/cloud_and_saas/office365/o365.md
+++ b/docs/xdr/features/collect/integrations/cloud_and_saas/office365/o365.md
@@ -13,7 +13,7 @@ Office 365 is a line of subscription services offered by Microsoft as part of th
Sekoia.io can pull four categories of logs from Microsoft Office 365 Management API:
-- Azure Active Directory audit events (`Audit.AzureActiveDirectory`)
+- Microsoft Entra ID (Azure AD) audit events (`Audit.AzureActiveDirectory`)
- Microsoft Exchange audit events (`Audit.Exchange`)
- Microsoft SharePoint audit events (`Audit.SharePoint`)
- General audit events not included in the other log categories (`Audit.General`)
diff --git a/docs/xdr/features/detect/built_in_detection_rules_eventids.md b/docs/xdr/features/detect/built_in_detection_rules_eventids.md
index 86e9096ce2..713ac62350 100644
--- a/docs/xdr/features/detect/built_in_detection_rules_eventids.md
+++ b/docs/xdr/features/detect/built_in_detection_rules_eventids.md
@@ -404,7 +404,7 @@ The colors of the EventIDs in this page should be interpreted as follow:
| Smbexec.py Service Installation | elementary | 6, 4697, 7045 | Service Control Manager |
| SysKey Registry Keys Access | elementary | 4656, 4663 | Microsoft-Windows-Security-Auditing |
| Credential Dumping By LaZagne | elementary | 10 | Microsoft-Windows-Sysmon |
-| Microsoft Entra ID (Azure AD) Domain Trust Modification | elementary | 8 | |
+| Microsoft Entra ID (Microsoft Entra ID (Azure AD) ) Domain Trust Modification | elementary | 8 | |
| Suspicious HWP Child Process | elementary | 1 | Microsoft-Windows-Sysmon |
| Dumpert LSASS Process Dumper | elementary | 7, 11 | Microsoft-Windows-Sysmon |
| Microsoft Defender Antivirus Disabled Base64 Encoded | elementary | 1 | Microsoft-Windows-Sysmon |
diff --git a/mkdocs.yml b/mkdocs.yml
index 3ceb409faa..909a4251c0 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -42,7 +42,7 @@ nav:
- Create a sub-community: getting_started/community-create_sub_com.md
- Set up community security:
- SSO with OpenID Connect: getting_started/SSO_openid_connect.md
- - SSO with Azure AD: getting_started/sso/azure.md
+ - SSO with Microsoft Entra ID (Azure AD) : getting_started/sso/azure.md
- SSO with Okta: getting_started/sso/okta.md
- 3. Navigate on the platform: getting_started/navigation.md
- 4. Manage users:
@@ -120,7 +120,7 @@ nav:
- Imperva WAF: xdr/features/collect/integrations/cloud_and_saas/imperva_waf.md
- Jumpcloud Directory Insights: xdr/features/collect/integrations/cloud_and_saas/jumpcloud_directory_insights.md
- Microsoft Azure:
- - Azure Active Directory: xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md
+ - Microsoft Entra ID (Azure AD) : xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md
- Azure Front Door: xdr/features/collect/integrations/cloud_and_saas/azure/azure_front_door.md
- Azure Database for MySQL: xdr/features/collect/integrations/cloud_and_saas/azure/azure_mysql.md
- Azure Linux: xdr/features/collect/integrations/cloud_and_saas/azure/azure_linux.md
@@ -254,7 +254,7 @@ nav:
- Actions Library:
- AWS: xdr/features/automate/library/aws.md
- Atlassian JIRA: xdr/features/automate/library/atlassian-jira.md
- - Azure Active Directory: xdr/features/automate/library/azure-active-directory.md
+ - Microsoft Entra ID (Azure AD) : xdr/features/automate/library/entra-id.md
- BinaryEdge's API: xdr/features/automate/library/binaryedge-s-api.md
- Censys: xdr/features/automate/library/censys.md
- Certificate Transparency: xdr/features/automate/library/certificate-transparency.md
@@ -434,7 +434,7 @@ nav:
- Actions Library:
- AWS: tip/features/automate/library/aws.md
- Atlassian JIRA: tip/features/automate/library/atlassian-jira.md
- - Azure Active Directory: tip/features/automate/library/azure-active-directory.md
+ - Microsoft Entra ID (Azure AD) : tip/features/automate/library/entra-id.md
- BinaryEdge's API: tip/features/automate/library/binaryedge-s-api.md
- Censys: tip/features/automate/library/censys.md
- Certificate Transparency: tip/features/automate/library/certificate-transparency.md
@@ -542,12 +542,12 @@ plugins:
integrations/aws_cloudtrail.md: xdr/features/collect/integrations/cloud_and_saas/aws/aws_cloudtrail.md
integrations/aws_flow_logs.md: xdr/features/collect/integrations/cloud_and_saas/aws/aws_flow_logs.md
integrations/aws_s3_logs.md: xdr/features/collect/integrations/cloud_and_saas/aws/aws_s3_logs.md
- integrations/azure-ad.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md
+ integrations/azure-ad.md: xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md
integrations/azure-linux.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_linux.md
integrations/azure-mysql.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_mysql.md
integrations/azure-network-watcher.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_network_watcher.md
integrations/azure-windows.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_windows.md
- integrations/azure_ad.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md
+ integrations/intra_id.md: xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md
integrations/azure_front_door.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_front_door.md
integrations/azure_linux.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_linux.md
integrations/azure_mysql.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_mysql.md
@@ -682,7 +682,7 @@ plugins:
operation_center/integration_catalog/application/unbound.md: xdr/features/collect/integrations/application/unbound.md
operation_center/integration_catalog/cloud_and_saas/aws/aws_cloudtrail.md: xdr/features/collect/integrations/cloud_and_saas/aws/aws_cloudtrail.md
operation_center/integration_catalog/cloud_and_saas/aws/aws_flow_logs.md: xdr/features/collect/integrations/cloud_and_saas/aws/aws_flow_logs.md
- operation_center/integration_catalog/cloud_and_saas/azure/azure_ad.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_ad.md
+ operation_center/integration_catalog/cloud_and_saas/azure/intra_id.md: xdr/features/collect/integrations/cloud_and_saas/azure/intra_id.md
operation_center/integration_catalog/cloud_and_saas/azure/azure_linux.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_linux.md
operation_center/integration_catalog/cloud_and_saas/azure/azure_mysql.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_mysql.md
operation_center/integration_catalog/cloud_and_saas/azure/azure_network_watcher.md: xdr/features/collect/integrations/cloud_and_saas/azure/azure_network_watcher.md
diff --git a/scripts/update_mkdocs/ecs_flat.yml b/scripts/update_mkdocs/ecs_flat.yml
index 773cf09f66..b76ac4c6f6 100644
--- a/scripts/update_mkdocs/ecs_flat.yml
+++ b/scripts/update_mkdocs/ecs_flat.yml
@@ -14357,7 +14357,7 @@ threat.software.platforms:
dashed_name: threat-software-platforms
description: "The platforms of the software used by this threat to conduct behavior\
\ commonly modeled using MITRE ATT&CK\xAE.\nRecommended Values:\n * AWS\n *\
- \ Azure\n * Azure AD\n * GCP\n * Linux\n * macOS\n * Network\n * Office\
+ \ Azure\n * Microsoft Entra ID (Azure AD) \n * GCP\n * Linux\n * macOS\n * Network\n * Office\
\ 365\n * SaaS\n * Windows\n\nWhile not required, you can use a MITRE ATT&CK\xAE\
\ software platforms."
example: '[ "Windows" ]'
