Getting started with WithSecure™ Elements Identity Security

Follow the steps below to get started with WithSecure™ Elements Identity Security.

You need a WithSecure™ Business Account to access Elements Security Center, the unified management platform for all WithSecure™ Elements products. There are two scenarios:

  • When you purchase the product from a WithSecure partner, the partner typically creates a Business Account for the first administrator in your organization. You will have received an email from WithSecure with a temporary password and a link to log in.
  • If your account has not yet been created but you have received a subscription key from your partner, go to elements.withsecure.com/self-register to create one.

Prerequisite: Elements Identity Security requires Elements Endpoint Detection and Response to be configured first. If you haven’t done this yet, follow the EDR quick start guide before continuing.

Before starting the onboarding, make sure you have the following ready. The deployment runs a PowerShell script in Azure Cloud Shell and requires temporary elevated access in Azure.

  • Global Administrator access on the Azure account — required to run the onboarding script
  • Tenant ID and Subscription ID from the Azure portal — you’ll need these during onboarding in Elements Security Center
  • Deployment location — the Azure region where the new resources will be created
  • Azure Management Group — the subscription must be assigned to a Management Group before deployment
  • Email address for notifications — Microsoft will send alerts to this address if the Event Hub reaches capacity

What gets deployed: The onboarding script creates a resource group (WSecCD) in your Azure tenant containing an Event Hub, diagnostic settings that forward Entra ID logs to WithSecure, and an alert for Event Hub capacity. This is a one-time setup — after deployment, logs flow to WithSecure continuously. Associated Azure costs are typically €25–30/month for mid-sized organisations.

In Elements Security Center
  1. Log in using your EDR credentials and go to Environment > Cloud > Microsoft Tenants.
  2. Select Add Azure tenant, enter the display name and tenant ID, and follow the wizard to set up Identity Inventory. Accept the permissions for the WithSecure-CSPM-Scanner-MTA enterprise application when prompted.
  3. Under Security capabilities, select Identity Security > Add. Enter the subscription ID, deployment location, and notification email address, then download the WithSecure Elements XDR Identity Security for Entra ID.zip file.

In the Azure portal
  1. Temporarily elevate your Azure access: go to Azure Active Directory > Properties and switch Access management for Azure resources to Yes. Sign out and back in.
  2. Open Azure Cloud Shell (PowerShell mode), upload the zip file using the upload button, then run:
    unzip './WithSecure Elements XDR Identity Security for Entra ID.zip'
    cd withsecure
    New-AzRoleAssignment -SignInName "[your-UPN]" -Scope "/" -RoleDefinitionName "Owner"
    ./deploy.ps1
  3. After deployment, validate the WSecCD resource group in Azure contains the Event Hub and that diagnostic settings are configured.

Back in Elements Security Center
  1. Go to Environment > Cloud > Microsoft Tenants, select your tenant, and select Add connection string. Paste the connection string from Azure Cloud Shell and select Add. The status should change to "The tenant is protected" within 5 minutes.
  2. Verify detections are working by running the test script in Cloud Shell: ./WithSecureIdentitySecurityTestingTool.ps1. Then go to Events > Broad Context Detections and confirm that a test detection called "WithSecure test detection add application" has appeared.
  3. Finally, revoke the elevated Azure access you granted in step 4 (the first step under In the Azure portal): run Remove-AzRoleAssignment -SignInName "[your-UPN]" -Scope "/" -RoleDefinitionName "Owner", then switch Access management for Azure resources back to No in the Azure portal.

Note: No additional roles are required to view Identity Security Broad Context Detections. If deployment fails, raise a ticket with WithSecure Customer Care.
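
The validation and clean-up steps above can be checked from Azure Cloud Shell with the following added example, which is not part of the WithSecure onboarding package. The function name Test-WSecOnboarding is hypothetical, and the script assumes that the deployed Entra ID diagnostic setting references an Event Hub authorization rule inside WSecCD and that it is run after Remove-AzRoleAssignment but before Access management for Azure resources is switched back to No, while the account can still read root-scope role assignments.

```powershell
# Added example, not part of the WithSecure onboarding package.
# Test-WSecOnboarding is a hypothetical name; WSecCD comes from this page.
function Test-WSecOnboarding {
    param(
        [Parameter(Mandatory)] [string] $Upn,   # UPN used in New-AzRoleAssignment
        [string] $ResourceGroup = 'WSecCD'
    )
    $findings = @()

    # 1. The resource group should contain an Event Hub namespace.
    $ns = Get-AzResource -ResourceGroupName $ResourceGroup `
        -ResourceType 'Microsoft.EventHub/namespaces' -ErrorAction SilentlyContinue
    if (-not $ns) { $findings += "No Event Hub namespace found in $ResourceGroup" }

    # 2. Entra ID diagnostic settings are tenant-level (microsoft.aadiam provider).
    #    Assumption: the deployed setting points at an Event Hub rule inside WSecCD.
    $resp = Invoke-AzRestMethod -Method GET `
        -Path '/providers/microsoft.aadiam/diagnosticSettings?api-version=2017-04-01-preview'
    if ($resp.StatusCode -ne 200) {
        $findings += "Cannot read Entra ID diagnostic settings (HTTP $($resp.StatusCode))"
    } else {
        $hits = @(($resp.Content | ConvertFrom-Json).value | Where-Object {
            $_.properties.eventHubAuthorizationRuleId -match "/resourceGroups/$ResourceGroup/" })
        if ($hits.Count -eq 0) {
            $findings += "No Entra ID diagnostic setting targets an Event Hub in $ResourceGroup"
        }
        foreach ($s in $hits) {
            $cats = @($s.properties.logs | Where-Object { $_.enabled }).category -join ', '
            Write-Host "Diagnostic setting '$($s.name)' forwards: $cats"
        }
    }

    # 3. The temporary Owner assignment at root scope must be gone.
    $owner = @(Get-AzRoleAssignment -Scope '/' -SignInName $Upn -RoleDefinitionName 'Owner' |
        Where-Object { $_.Scope -eq '/' })
    if ($owner.Count -gt 0) { $findings += "$Upn still holds Owner at root scope '/'" }

    $findings | ForEach-Object { Write-Warning $_ }
    return ($findings.Count -eq 0)
}

Test-WSecOnboarding -Upn '[your-UPN]'
```

The function returns True when all three checks pass; any warning about Owner at root scope means the Remove-AzRoleAssignment command did not take effect and should be repeated.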

User guide — Elements Identity Security

Full documentation covering Azure prerequisites, deployment via PowerShell, infrastructure overview, ongoing management, and offboarding

WithSecure Community

Stay up to date with product announcements and changelogs, get answers to your questions, and share product ideas

Knowledge base

Troubleshooting and how-to articles covering Azure deployment, Event Hub configuration, Entra ID log forwarding, and detections