Remotely Guided Setup

Tuesday, 07-19-2022

Introduction

This article walks users through setting up Remotely from start to finish. If you are an experienced Azure administrator familiar with the process of onboarding cloud applications, feel free to check out our Quick Start Guide.

Prerequisites 

To best utilize Remotely's services, you must configure an Enterprise Application and Service Principal within Azure. The Remotely Service will operate with limited features in the event you do not configure the Azure Cloud components. 

Required Permissions 

For Remotely RMM to connect and ingest data from an Azure tenant, the following permissions must be configured for an enterprise application. For instructions on creating an Enterprise Application, please refer to Creating an Enterprise Application.

Delegated permissions

| API | Graph Claim Value | Permissions | Type |
| --- | --- | --- | --- |
| Microsoft Graph | Directory.Read.All | Read directory data | Delegated |
| Microsoft Graph | offline_access | Maintain access to data you have given it access to | Delegated |
| Microsoft Graph | openid | Sign users in | Delegated |
| Microsoft Graph | profile | View users' basic profile | Delegated |
| Microsoft Graph | User.Read | Sign in and read user profile | Delegated |

Application permissions

| API | Graph Claim Value | Permissions | Type |
| --- | --- | --- | --- |
| Microsoft Graph | DeviceManagementConfiguration.Read.All | Read Microsoft Intune device configuration and policies | Application |
| Microsoft Graph | DeviceManagementManagedDevices.ReadWrite.All | Read Microsoft Intune devices | Application |
| Microsoft Graph | Directory.Read.All | Read directory data | Application |
| Microsoft Graph | Organization.Read.All | Read organization data | Application |
| Microsoft Graph | SecurityAlert.Read.All | Read all security alerts | Application |
| Microsoft Graph | SecurityEvents.Read.All | Read your organization's security events | Application |
| WindowsDefenderATP | Alert.Read.All | Read all alerts | Application |
| WindowsDefenderATP | Machine.Read.All | Read all machine profiles | Application |
| WindowsDefenderATP | Score.Read.All | Read Threat and Vulnerability Management score | Application |
| WindowsDefenderATP | SecurityRecommendation.Read.All | Read Threat and Vulnerability Management security recommendations | Application |
| WindowsDefenderATP | Software.Read.All | Read Threat and Vulnerability Management software information | Application |
| WindowsDefenderATP | Vulnerability.Read.All | Read Threat and Vulnerability Management vulnerability information | Application |
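
A least-privilege check for the application permissions listed above, as an added example that is not part of Remotely's documentation or code: it reads the `roles` claim of an app-only access token (where Azure AD places granted application permissions) and reports what is missing, what is granted beyond this article's list, and what is not read-only. The function names are hypothetical and the token is a constructed, unsigned sample.

```python
import base64
import json

# Application permissions required by this article, keyed by API.
REQUIRED = {
    "Microsoft Graph": {
        "DeviceManagementConfiguration.Read.All",
        "DeviceManagementManagedDevices.ReadWrite.All",
        "Directory.Read.All", "Organization.Read.All",
        "SecurityAlert.Read.All", "SecurityEvents.Read.All",
    },
    "WindowsDefenderATP": {
        "Alert.Read.All", "Machine.Read.All", "Score.Read.All",
        "SecurityRecommendation.Read.All", "Software.Read.All",
        "Vulnerability.Read.All",
    },
}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit(api, token):
    """Compare the token's `roles` claim with the article's list for `api`."""
    granted = set(jwt_claims(token).get("roles", []))
    required = REQUIRED[api]
    return {
        "missing": sorted(required - granted),  # required but not granted
        "extra": sorted(granted - required),    # granted beyond the article's list
        "not_read_only": sorted(p for p in granted if "Read" not in p.split(".")),
    }

def sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])

# Constructed sample: one required role absent, one broader role present.
GRAPH_TOKEN = sample_token({"aud": "https://graph.microsoft.com", "roles": sorted(
    (REQUIRED["Microsoft Graph"] - {"SecurityEvents.Read.All"})
    | {"Directory.ReadWrite.All"})})

if __name__ == "__main__":
    print(json.dumps(audit("Microsoft Graph", GRAPH_TOKEN), indent=2))
```

`DeviceManagementManagedDevices.ReadWrite.All`, which the table above requires, is reported under `not_read_only` because the scope name itself includes write access.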

 

Application Registration Information 

To enable application registration, Azure requires three data points from your Azure Tenant: 

  • Application (Client) ID 
  • Directory (Tenant) ID 
  • Application Secret 

Company Profile Sign Up

Follow these steps to set up a Company Profile:

  1. Go to the Remotely Web Portal (contact support for the link to the application)
  2. Click 'Sign Up' located on the left side of the screen
  3. Complete the profile registration providing the information requested 
  4. Click 'Next'
  5. After clicking 'Next', you will see confirmation that the form has been submitted
  6. In your email inbox, open the verification email and click 'Sign in to Remotely'
  7. You will be redirected to a login page and should log in using the username and password created during sign up

Azure Enterprise Application Configuration

Creating and configuring an Azure Enterprise Application requires access to Azure Active Directory. To learn more on how to create and configure an application, please visit Microsoft's Quick Start Guide.

Cloud Infrastructure Connection

Upon the initial login to the application, you will be presented with a screen guiding you to link to a Cloud Service.  Select the link in the main pane or navigate to the left side menu, and select Settings > Infrastructure.

Once in the Infrastructure Settings screen you will need to enter three key pieces of information:

  • Application (Client) ID: This is the unique ID that is given to an enterprise app to identify traffic as its own 
  • Directory (Tenant) ID: This is the home address to tell the app which tenant to talk to in Azure 
  • Application Secret: This is a hashed token password used by Azure to secure communications

There is a link at the top of the page to Microsoft documentation on how to set up an Enterprise Application for clients needing guidance on collecting the information from their Tenant.

Once the information has been entered, click Submit. You will be informed if the connection was successful. If not, please verify that there are no spaces at the end of the Application ID, Directory ID, or Application Secret.

Once successful, you will be redirected to the OSA dashboard, which will begin to populate immediately.

Organization Sync

The following steps can be taken to add Organization Views:

  1. Click on 'Organizations' on the left side navigation
  2. You will be prompted to add your first Organization by clicking the blue 'Add Organization' button
  3. A list of your Azure Tenant Organizations will populate
  4. Select the Organizations you would like to add by checking the checkboxes located in the left column titled 'Organizations'
  5. Select the 'Submit' button in the bottom right corner

Admin Management

Remotely's Administrator Management settings can be accessed by navigating to Settings > Admin Management.

To add a new administrator:

  1. Select the 'Add Admin' button in the middle of the screen
  2. Fill in the required information on the 'Add Admin' form, including a valid business email
  3. Designate the role as either Enterprise Admin or Organization Admin
    1. Enterprise Admins: granted full visibility and management over all aspects of the application, including adding additional administrators
    2. Organization Admins: granted limited visibility to only their assigned Organizations. Organization Admins do not have full administrative rights, such as updating Azure connections, and can only add administrators to their Organizations
  4. Select the 'Send Invite' button

Once complete, the Admins table will update with the new administrator information.

Note: Clicking on an admin in the table brings up the editing options for the administrator's information. Any update will require a re-verification email to be acknowledged by the admin.

User Interface Overview

Navigation Menu

The left side menu is the main navigation hub allowing access to all views of the data within the application.

Breadcrumbs

Several datasets allow for deeper inspection of the data. When this is used, the top navigation builds a breadcrumb trail so you can easily navigate back.

Module Selection

The Remotely service is built with a modular dashboard design; each module of the application has a unique design that fulfills a specific function.

Data Pane

Each section of the Remotely service displays its data set in the data pane. Elements within this data pane can be manipulated or inspected depending on their context.

Dashboard Highlights

Dashboard Tiles

In the Enterprise Online Security Assessment (OSA) dashboard, there are several tiles with data points. At the top right you will see the Endpoint Manager Baseline boolean. If a baseline has been configured for this tenant, the boolean will be enabled automatically.

Microsoft Secure Score

Microsoft Secure Score and its sub-scores are based on the implementation of security controls within the Azure tenant.

Note: This tile is selectable for detailed score metrics including:

  • Identity
  • Device
  • Apps

Learn more by visiting Microsoft's Documentation.

Microsoft Exposure Score

Microsoft’s Exposure score is a calculated metric from Microsoft that matches the Microsoft Security Score against known threats and active attack vectors to determine exploitation vulnerability.

Learn more by visiting Microsoft's Documentation.

Endpoint Manager Compliance

This is the measurement of the distribution of devices within the company that are compliant with the policies defined in Microsoft Endpoint Manager.

Learn more on how to create device compliance policies by visiting Microsoft's Documentation.

Azure Managed Licenses

The Azure license graph displays the license allocation for Azure managed licenses showing the number of licenses that are available as well as the number that are currently assigned. 

Microsoft Update Rings Assignments

Microsoft Update Rings are the configuration tool used within Azure to define the update and patch cadence for devices in Azure. This helps the organization understand the distribution policies around security, features, and quality-of-life updates from Microsoft.

Learn more on how to create device compliance policies by visiting Microsoft's Documentation.

Geographic Distribution Information

Geographic distribution information is used to display the location of devices across organizations. Understanding device location is critical in informing administrators where users are located, or if devices have been compromised.

Endpoint Manager Discovered Applications

Discovered Applications provide information on applications and versions that have been found on devices within the Azure tenant.

Note: This tile is clickable for a list of the applications and the devices they have been found on.

M365 Defender Software Inventory and Weaknesses

This tile shows the percentage of applications found within the software inventory that have documented vulnerabilities and weaknesses.

Advanced Navigation

The Remotely Service features several advanced navigation and data visualization controls to improve the user experience of the application.

Graph Customization

Each graph within the Remotely service can be tailored to show specific data models. This can be done by simply clicking on the data sets that you wish to hide, which adjusts the graph in real time.

Search

On tables with search enabled, you can search the relevant columns within a table to easily surface data.

Filtering

Within a filter-enabled table, you can open the filter bar to select relevant field values to reduce the scope of data displayed.
