サポートと今すぐチャット

オンラインヘルプの参照
登録の完了

サインイン

価格設定をリクエスト

営業担当に連絡

無料評価版

Security Management Platform Global Settings Current - User Guide

コンテンツのナビゲーション

Working with Security Management Platform Global Settings Overview of Security Management Platform Global Settings

Organizations Microsoft Entra tenants

Signing up for Security Management Platform Global Settings

Organizations and regions Signing in to Security Management Platform Quest Security Management Platform Cookie Policy

Modifying Your Consent

Security Management Platform subscriptions

Managing organizations and regions

Geographic regions Multiple organizations Creating a new organization Displaying the organization ID and deployment region Switching organizations Editing organization settings

Restricting access to organizations Renaming organizations

Deleting organizations Security Management Platform endpoint requirements

Adding users and groups to an organization

Users, groups, and roles

Default roles and permissions

Access Control: Roles

Viewing role permissions Creating a custom role Editing a custom role Assigning a role to a user Deleting a custom role

Organization access for Microsoft Entra users

Adding a user to your organization and assigning a role Editing user roles Removing a user from the organization

Organization access through Microsoft Entra group membership

Adding a group to your organization and assigning a role Filtering the groups displayed Editing group roles Removing groups from the organization

Joining an organization prerequisites

Managing your Microsoft Entra tenants and on-premises domains

Tenants overview Adding tenants

GCC and GCC High tenants Prerequisites for adding tenants

Displaying a tenant name change

Managing admin consent permissions

About admin consent status Granting and regranting admin consent About the Status and Actions column About the Microsoft Authentication Library (MSAL) About revoking admin consent

Removing a tenant Managing your on-premises domains On-premises agent prerequisites On-premises agent supported operating systems On-premises agent system configuration requirements On-premises agent endpoint requirements Adding an on-premises agent

About agent installation Agent service account configuration Secure LDAP configuration and deployment Installing the agent using the command shell

Configuring an agent Editing an agent configuration Automatic updates for on-premises agents Removing an agent Adding an Active Directory domain

Editing a domain configuration

Removing a domain

Security Management Platform Home page

Masthead drop-down menu

Announcements and global notifications

Managing global notifications

Information window Security Management Platform Status page Side navigation panel Dashboard

Tenant filter Needs your attention! Product tiles

Configuring settings

Organization Access Control Subscriptions

Subscription details Managing subscriptions

Sharing a subscription via email address Sharing a subscription via serial number Changing Owner When Moving from Trial to Paid Subscription

Subscription expiry

Stage 1: Your subscription expires in X days Stage 2: Subscription expired. Access denied. Stage 3: Subscription expired. Service disabled. Stage 4: Subscription expired. Grace period ended. Stage 5: Subscription expired. Data deleted.

Activity trail Notifications

Managing Notification Templates: Required Permissions Configuring Audit Notification Templates Configuring Security Management Platform Notification Templates Configuring Identity Recovery for Active Directory Notification Templates Configuring Identity Recovery for Microsoft Entra ID Notification Templates Configuring Migration - Self-Service Notification Templates

Documentation roadmap

Global settings

Release Notes

Technical Support

Current operational status Contact support Module product support pages Information and discussion: Quest community forums

Granting and regranting admin consent

You must grant specific admin consents for each Security Management Platform tenant. For example, if you grant access for MyCompany tenant in organization A, and add the MyCompany tenant to organization B, you must grant consent for organization B. In some situations, you might have to regrant consent for an application used by your tenant.

For some consent types, you might also have to assign a role after you grant consent.

To grant admin consent for a tenant

1

Click Tenants in the navigation panel on the left.

2

At the bottom of a tenant tile, click Edit Consents.

The Tenant Consents page for the tenant opens.

In the Status and Actions column, the status information indicates whether admin consent has been granted for the module consent type.

3

If the current status is Not Granted, you can enable the module consent type for this tenant by clicking Grant Consent.

If the current status is Regrant Consent, a change in the required permissions or new functionality might mean that you must regrant consent for a previously granted consent.

4

For the Exchange Online PowerShell consent type, the Exchange Admin Role must be assigned. After you grant consent for Exchange Online PowerShell, click Assign Role.


	NOTE: If you assign a role and immediately refresh the page, the Assignment state might be displayed as "Not Assigned" for a short time until you refresh the page again.

5

To view the permissions that are granted for each consent type, click View Details.


	NOTE: If additional admin consent permissions are required to perform specific tasks within a module, these consent types are listed below the core or basic consent type for the module.

About the Status and Actions column

For the following scenarios, you would click Grant Consent or Regrant Consent in the Status and Actions column.

•

The admin consent token for the module expired, resulting in a status of Consent Required. The status of Consent Required indicates that Security Management Platform cannot obtain a token with delegated permissions based on a previously granted admin consent. To restore the interrupted services, you must regrant consent.

The Consent Required status can be caused if the Microsoft Entra ID Global Administrator account used to grant consent has been changed such as: password change, user role change in the organization, user account was disabled or removed, or all tokens were invalidated for a tenant after a tenant policy update.

•

A new feature in a Security Management Platform product can require that additional permissions be granted. In this scenario, you would click Regrant Consent. For example, when Security Management Platform implemented the new Microsoft Authentication Library (MSAL) in June 2022, admin consents had to be regranted for products that use delegated permissions.

The following Security Management Platform application registrations use delegated permissions:

•

Quest Security Management Platform - Identity Recovery - Basic

•

Quest Security Management Platform - Identity Recovery - Restore

•

Quest Security Management Platform - Migration - Teams

For more information, see About the Microsoft Authentication Library (MSAL).

•

Admin consent has been revoked in the Microsoft Azure portal, resulting in a status of Revoked. If you revoke the Core Basic admin consent in the tenant you will see Revoked status for Core Basic and Not Available for all other modules. The Core Basic application is used to determine the consent status for your tenant. If that consent is revoked, Security Management Platform cannot determine consent status for the rest of the modules. Consent might be granted for the modules, but Security Management Platform cannot verify it.

For this reason, it is strongly recommended that you do not revoke Core Basic consent.

About the Microsoft Authentication Library (MSAL)

The Microsoft Authentication Library (MSAL) provides improved security, is resilient, and allows tokens to be generated with a very granular scope. Since MSAL supports generated tokens with a granular scope, Security Management Platform can use tokens with a narrowed scope when accessing your tenant.

This feature provides a more secure and granular approach for accessing your data. For more information, see Permissions and consent in the Microsoft identity platform.

About revoking admin consent

Completely revoking admin consent removes all permissions granted for the Security Management Platform application. Revoking admin consent is a manual process that must be performed in the Microsoft Azure portal.

NOTE: You can revoke or disable consent in the Microsoft Azure Portal.

Revoking admin consent in the Azure Portal

Revoking admin consent removes all permissions granted for the Security Management Platform application.

To revoke admin consent

1

Log in to the Azure Resource Manager with the credentials for the Microsoft Entra tenant.

2

Click on the Microsoft Entra ID icon in the left menu.

3

In the Active Directory panel, select Enterprise applications.

4

In the Enterprise applications panel, select All applications.

5

Search for and select the Quest Security Management Platform application.

6

In the Manage section of the left menu, select Properties.

7

At the top of the Properties pane, select Delete, and then select Yes to confirm you want to delete the application from your Microsoft Entra tenant.

Alternately, to disable consent, you can disable a user from signing in.

To disable a user from signing in

1

Sign in to the Azure portal as the global administrator for your directory.

2

Search for and select Microsoft Entra ID.

3

Select Enterprise applications.

4

Search for and select the Quest Security Management Platform application.

5

Select Properties.

6

Select No for Enabled for users to sign-in?.

7

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択