Skip to main content

Prerequisites

Before you begin, make sure you have:
Global Administrator credentials for your Microsoft 365 / Entra ID tenant
Subscription Owner access in Azure (required for XDR + SIEM module only)
Pop-up blocker disabled for portal.contraforce.com

Choose Your Module

Deployment time: 15–20 minutes
Azure resources: None requiredBest for organizations using Microsoft Defender XDR as their primary security tool. Gives you incident management, Gamebook response actions, entity enrichment, and multi-tenant management.Does not include: Sentinel incidents, CMS detection rules, email notifications, log search.

Step-by-Step Onboarding

1

Sign in to ContraForce

Go to portal.contraforce.com and sign in with your Microsoft 365 credentials.
2

Create your parent workspace

After signing in, you’ll be prompted to create your first workspace. This is your parent workspace — it represents your own organization (not a customer).Enter your organization name and click Create Workspace.
3

Launch the onboarding wizard

Navigate to Settings → Workspace Settings → Module Configuration and click Start Onboarding.Select your module: XDR or XDR + SIEM.
4

Consent to enterprise applications

A pop-up will appear asking you to consent to ContraForce enterprise applications. You must sign in with Global Administrator credentials.You’ll consent to:
  • ContraForce API — Core platform connectivity
  • ContraForce Portal — User interface access
  • Module-specific apps — Defender for Endpoint, Identity, Email, and Sentinel Hunting (varies by module)
If the consent pop-up doesn’t appear, disable your browser’s pop-up blocker for portal.contraforce.com and retry.
5

Configure Azure resources (XDR + SIEM only)

If you selected the XDR + SIEM module, ContraForce will deploy required Azure resources to your subscription.You’ll need Subscription Owner access. Select the Azure subscription and resource group, then click Deploy.This typically takes 3–5 minutes.
6

Authorize Gamebook service principals

Click Authorize Gamebooks to enable response actions. This grants ContraForce permission to execute actions like device isolation, user account disabling, and email deletion through your security tools.
7

Add users and groups

Navigate to Settings → Users & Groups. Add team members and assign them roles:
  • Organizational Admin — Full platform control
  • Workspace Admin — Full workspace control
  • Incident Responder — Investigate and respond
  • Incident Analyst — Read-only access
Create groups first, then assign groups to workspaces. This makes managing access across multiple customer workspaces much easier.
8

Verify deployment

Go to the Command Dashboard. Within 15–30 minutes, you should see incidents syncing from your connected security tools.Test a Gamebook action on a test device or user (not production!) to confirm response actions are working.

What’s Next?

Onboard Your First Customer

Set up a customer workspace with consent flows and role assignment.

Run Your First Gamebook

Learn how to execute response actions from the Workbench.

Still Stuck?

Check Onboarding Troubleshooting for common issues, or contact support@contraforce.com.