# Microsoft Entra ID (Legacy)

{% hint style="info" %}
This page refers to an older version of our Microsoft Entra ID integration. For the latest setup guide and features, please visit the new integration page: [Microsoft Entra ID](/integrations/directory-integrations/microsoft-entra-id.md)
{% endhint %}

### Before you begin

Make sure you have the ability to grant application consent requests. This ability is granted by the Global Administrator role.

### Setting up Entra ID

1. Navigate to "Integrations" on [p0.app](https://p0.app), then select "Entra ID":

<figure><img src="/files/ACvecivloxEIqwhs1fmX" alt="" width="375"><figcaption></figcaption></figure>

2. Enter your directory's tenant ID, then click "Begin installation":

<figure><img src="/files/ukGxdsQX3lBwQBp4CBYB" alt="" width="375"><figcaption></figcaption></figure>

3. Click "Install integration". This will take you to Microsoft's site and present you with a consent screen. Required permissions:

<div align="center"><img src="/files/TLRFECyaZ9i9U9Kr2ZjM" alt=""></div>

4. Check all items, and click accept. After a moment, P0 will read your directory and display the number of connected groups.

{% hint style="danger" %}
If you do not grant all scopes to P0, the installation may succeed, but certain functionality will fail at a later time.
{% endhint %}

| Scope                              | Description                                |
| ---------------------------------- | ------------------------------------------ |
| AuditLog.Read.All                  | Read all audit log data                    |
| Group.Read.All                     | Read all groups                            |
| GroupMember.Read.All               | Read all group memberships                 |
| GroupMember.ReadWrite.All          | Read and write all group memberships       |
| Reports.Read.All                   | Read all usage reports                     |
| RoleManagement.ReadWrite.Directory | Read and write all directory RBAC settings |
| User.Read.All                      | Read all users' full profiles              |

### Configuring Entra ID

1. Select the directory field that contains each user's email address:

<figure><img src="/files/pxROM7IuYF9gsFhSdnvL" alt="" width="375"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.p0.dev/integrations/directory-integrations/microsoft-entra-id-legacy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.