By default, responses sent from the Cyber Risk Aware platform take the form of an email or training issued to the offending user. However, we are constantly adding further response types to meet our customers' needs. One such response is a Skype for Business IM. The steps to configure this on the customer server are set out below.
Registration of Cyber Risk Aware application in Azure AD
The first step is to register the Cyber Risk Aware client within your Azure tenant. This can be done with the following steps.
1. Log in to your Azure Portal at https://portal.azure.com
2. Select Azure Active Directory
3. Select App Registrations
4. Select New Application Registration
5. In the panel that appears, enter a Name for the application, select Native for the Application Type and provide any URI for the Redirect URI (this isn't used by the application). Click Create.
6. In the summary screen, make note of the Application ID. This will be used later.
7. Click the Settings button in the summary screen. Then select Required Permissions in the panel that appears.
8. In the next panel, select Add and then Select an API.
9. Search for and select Skype for Business Online. Then press Select.
10. Select the permissions shown below and press select.
11. You will be returned to the Required Permissions panel. Select Grant Permissions.
Import the Cyber Administrator User to Active Directory
All communications in Skype need to come from another user. We use a single account for this to limit the amount of configuration and the number of Skype for Business licences needed by our customers.
We have a user in the Cyber Risk Aware Active Directory with the username email@example.com. This user will need to be imported as a guest to your Azure Active Directory. They will also need to be associated with the application registered above. The steps for this are listed below:
1. Open your Azure Active Directory and Select All Users.
2. Select New Guest User
3. In the next panel, enter the email address firstname.lastname@example.org and click invite.
4. Next navigate back to the Active Directory home and select Enterprise Applications.
5. Select the application we registered in the previous section (CraApplication)
6. In the Application - Overview screen, click on the 0 under the Total Users heading
7. In the next screen, we want to add the email@example.com guest user. So click Add User.
8. Select the firstname.lastname@example.org user and click assign
9. The user is now associated with the registered application and has the correct rights to send the Skype IM responses.
Configuration within the Orchestrator for the Skype for Business responses is minimal. We need to tell the Orchestrator what the Application Id is (from step 6 of the first section above). We also need to tell the Orchestrator which attribute in the LDAP holds the Skype address for a user (typically the mail attribute). Finally, the Orchestrator needs to be made aware of the company's domain name, for example cyberriskaware.com (Note: this is the domain used in Microsoft Azure, not the individual user's email domain; the two will sometimes differ). To do this, follow the steps below.
1. Open the Orchestration Manager portal and select Edit Settings.
2. Update the properties as shown above, where:
AD Skype Identifier = The LDAP property that holds the user's Skype address (typically the mail property).
Skype Client Identifier = The Application Id (from step 6 of the first section above).
Skype Tenant = The company's domain name, for example cyberriskaware.com (Note: this is the domain used in Microsoft Azure, not the individual user's email domain; the two will sometimes differ).
3. Click Save
This completes the on-premises configuration for supporting Skype for Business responses.