Getting started with WithSecure™ Elements Identity Security for Entra ID

Follow the steps below to connect your Microsoft Entra ID tenant, deploy the required infrastructure, and start detecting identity-based threats.

You need a WithSecure™ Business Account to access Elements Security Center, the management portal for WithSecure™ Elements. There are two scenarios:

  • When you purchase the product from a WithSecure partner, the partner typically creates a Business Account for the first administrator in your organization. You will have received an email from WithSecure with a temporary password and a link to log in.
  • If your account has not yet been created but you have received a subscription key from your partner, go to elements.withsecure.com/self-register to create one.
Navigating to Identity Security

Once logged in to Elements Security Center, go to Environment > Cloud > Microsoft Tenants to manage your Entra ID tenants. Detections surface under Events > Broad Context Detections.

Before you begin onboarding, confirm the following requirements are in place.

WithSecure subscriptions
  • Active subscriptions to WithSecure Elements Endpoint Protection and Elements Endpoint Detection and Response.
  • You must hold the WithSecure Elements Endpoint Protection administrator role during onboarding.
Azure requirements
  • You must be able to sign in as a Global Administrator on the Azure account to run the onboarding script in Azure Cloud Shell.
  • Have your Tenant ID and Subscription ID ready. You can find both in the Azure portal; see Get subscription and tenant IDs.
  • The subscription is assigned to an Azure Management Group. See Create a management group if needed.
Multiple tenants: Repeat the onboarding steps for each tenant. WithSecure requires a unique connection string per tenant.

Register your Azure tenant and configure the Identity Security capability in Elements Security Center.

Add the tenant
  1. In Elements Security Center, go to Environment > Cloud > Microsoft Tenants and select Add Azure tenant.
  2. On the Tenant information page, enter a Display name, paste your Tenant ID, and select your Organization. Select Next.
  3. Set the Importance and Business context for risk evaluations. Select Next.
Connect Identity Inventory (required first)
  1. Under Security capabilities, select Identity Inventory and then Connect now.
  2. Read the introduction, select the checkbox to confirm, and select Start.
  3. Grant the required permissions: if you are the Azure tenant administrator, select Accept Permissions. Otherwise, select Copy URL and send it to your Azure administrator.
Important: Identity Inventory must be configured before you can add any other capabilities to the tenant.
Add Identity Security
  1. Under Security capabilities, select Identity Security and then Add.
  2. On the Connection details page, enter your Deployment Subscription ID, select a Deployment location, and enter an Email address for notifications (press Enter after typing to save it).
  3. Select Download to save the WithSecure Elements XDR Identity Security for Entra ID.zip onboarding file.

Run the onboarding script in Azure Cloud Shell to deploy the Event Hub and diagnostic settings that forward Entra ID logs to WithSecure.

Prepare the Azure environment
  1. In the Azure portal, temporarily elevate your access: go to your Default Directory > Properties and switch Access management for Azure resources to Yes. Sign out and back in for this to take effect. See Elevate access for a Global Administrator for full instructions.
  2. Open Azure Cloud Shell with PowerShell. If this is your first time, you will be prompted to create a storage account instance.
  3. Upload the .zip file you downloaded in Step 3 using Manage files > Upload at the top of the Cloud Shell screen.
Run the deployment script
  • Decompress the package and change into the extracted directory:
unzip './WithSecure Elements XDR Identity Security for Entra ID.zip'
cd withsecure
  • Assign the Owner role to the principal running the script (replace [userId] with your User Principal Name from Azure):
New-AzRoleAssignment -SignInName "[userId]" -Scope "/" -RoleDefinitionName "Owner"
  • Deploy the resources:
./deploy.ps1
Note: If the deployment fails with a Microsoft.PolicyInsights namespace error, go to the subscription’s Resource Providers, find Microsoft.PolicyInsights, and select Register. Then rerun ./deploy.ps1. If the script fails due to an ongoing deployment, wait 15 minutes and retry.

Add the Event Hub connection string to Elements Security Center, run the detection test, and finish onboarding by revoking elevated access.

Connect Azure to Elements Cloud
  1. In Elements Security Center, go to Environment > Cloud > Microsoft Tenants and select your tenant.
  2. On the Security capabilities page, select Add connection string.
  3. Copy and paste the full connection string (starting with Endpoint=sb://) from the Azure CLI output and select Add.
  4. When the status changes to The tenant is protected with a green tick, the connection is live.
Test the detection capability
  • In Azure Cloud Shell, run the testing tool:
./WithSecureIdentitySecurityTestingTool.ps1
  • Wait for the script to complete and confirm that app registrations were created and then deleted.
  • In Elements Security Center, go to Events > Broad Context Detections and confirm a detection named WithSecure test detection add application appears. Close it once confirmed.
Finish onboarding — revoke elevated access
  • Remove the Owner role assignment:
Remove-AzRoleAssignment -SignInName "[userId]" -Scope "/" -RoleDefinitionName "Owner"
  • In the Azure portal, return to Default Directory > Properties and switch Access management for Azure resources back to No.
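To confirm that both revocation steps took effect, the following added example (not part of the WithSecure package) lists any root-scope assignments that remain for the onboarding account. The function name Test-RootScopeCleanup and the sample UPN are assumptions; it relies on the Owner assignment made earlier and on the User Access Administrator role that Azure grants at "/" while Access management for Azure resources is set to Yes.

```powershell
# Added example (not WithSecure's code). Test-RootScopeCleanup is a hypothetical
# helper name; run it in the same Azure Cloud Shell (PowerShell) session.
function Test-RootScopeCleanup {
    param(
        [Parameter(Mandatory)]
        [string]$UserPrincipalName   # the same value used for [userId] above
    )

    # Roles this onboarding leaves at root scope ("/") until they are revoked:
    #   Owner                     - added with New-AzRoleAssignment
    #   User Access Administrator - added by "Access management for Azure resources" = Yes
    $rolesToCheck = @('Owner', 'User Access Administrator')

    # Keep only assignments made directly at "/" for this account.
    $leftover = @(
        Get-AzRoleAssignment | Where-Object {
            $_.Scope -eq '/' -and
            $_.SignInName -eq $UserPrincipalName -and
            $rolesToCheck -contains $_.RoleDefinitionName
        }
    )

    if ($leftover.Count -gt 0) {
        Write-Warning "Root-scope role assignments still present for ${UserPrincipalName}:"
        $leftover |
            Select-Object RoleDefinitionName, Scope, SignInName, RoleAssignmentId |
            Format-Table -AutoSize | Out-Host
        return $false
    }

    Write-Host "No Owner or User Access Administrator assignment at '/' for ${UserPrincipalName}."
    return $true
}

# Placeholder UPN; replace with the account that ran deploy.ps1.
Test-RootScopeCleanup -UserPrincipalName 'admin@example.onmicrosoft.com'
```

If it returns $false, repeat the two revocation steps above and run the check again.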
You’re all set. Entra ID logs are now flowing to WithSecure. Detections will appear as Broad Context Detections in Elements Security Center. Consider adding the Identity Response capability to enable quick remediation actions.

Additional resources

Here are links to common resources for additional information about WithSecure™ Elements Identity Security for Entra ID.

Video walkthrough — Onboarding Entra ID Response Actions

Step-by-step video guide covering the full onboarding flow for WithSecure XDR Identity Security

User guide — Elements Identity Security for Entra ID

Full administrator documentation covering onboarding configuration, deployed infrastructure, detection logic, ongoing management, and offboarding

WithSecure Community

Stay up to date with product announcements and release notes, get answers to your questions, and share product ideas

Knowledge Base

Troubleshooting articles and how-to guides for resolving issues with deployment, detections, connectivity, and ongoing management