In the history of corporate IT security, the deployment of a new tool has always been dreaded by IT departments. The traditional approach, called "Agent-Based", requires installing a small piece of software (an agent or a daemon) on each computer, each server and each domain controller in the company.
This method, while necessary for on-premises antivirus, becomes an unacceptable burden when it comes to deploying a monitoring or orchestration (SOAR) platform. Today, sovereign cloud architectures make it possible to completely overcome this constraint. Learn how Zero Agent deployment works and why it is revolutionizing enterprise and MSSP security.
The hidden frictions of the agent approach
To understand the benefit of Zero Agent, it is necessary to analyze the hidden costs and risks of an infrastructure based on software agents:
- The operational maintenance burden: A local agent must be updated regularly. If an agent crashes, if it consumes too many resources (CPU/RAM) on the accounting server, or if it conflicts with a Windows update, it is the internal IT team that must intervene urgently.
- Visibility blind spots: An agent can only monitor what it is installed on. What about the employee who connects to their SharePoint account from their personal tablet or a mobile workstation whose agent has not been updated for three months? These blind spots are the favorite targets of attackers.
- Systemic security risk (Supply Chain): A security agent runs with the highest privileges of the operating system (SYSTEM or root rights). If the security software publisher suffers a compromise of its update servers, the attacker instantly obtains full administrator access to your entire IT fleet.
The modern alternative: Cloud-to-Cloud orchestration via API
The architecture of a next-generation SOC orchestrator like Akuity is based on a different philosophy: do not duplicate what Microsoft already does very well.
If your business already uses Microsoft 365 licenses, your devices are already monitored by Windows Defender and managed by Microsoft Intune. These tools natively collect logs and have the necessary remediation rights. The SOAR orchestrator therefore does not need to bring its own agent; all it needs to do is connect directly to Microsoft's secure APIs in the cloud.
Immediate integration through OAuth consent
The deployment of Akuity SOC is carried out in "Self-Service" mode. The company or MSSP administrator clicks a connect button. They are then redirected to the official Microsoft Entra ID interface to grant administrator consent based on the secure OAuth 2.0 protocol.
By validating this consent, you authorize the Akuity SOC application to exchange data in an exclusive and highly secure manner with Microsoft Graph API endpoints. Deployment takes exactly 60 seconds. No .exe or .msi file is pushed over the network. No server restart is required.
Strict control by the principle of least privilege
Unlike a third-party agent that requires full and opaque access to the operating system, Graph API integration transparently displays the exact list of permissions required for SOC operations:
- SecurityActions.ReadWrite.All: Allows the SOAR to order the blocking of an indicator (IP or hash) or to initiate emergency remediation.
- DeviceManagementManagedDevices.ReadWrite.All: Allows the SOAR to interconnect with Intune to list the compliance of the fleet and trigger the network isolation of machines.
- Directory.ReadWrite.All: Essential for carrying out identity actions, such as instant revocation of the web sessions of a hacked user account.
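One way to check that the consent granted in a tenant matches the list above, as an added example that is not Akuity's code: it decodes a Microsoft Graph access token and compares its `roles` (application) or `scp` (delegated) permissions with the three names listed. The sample tokens are constructed and unsigned, and the function names are hypothetical; the code inspects claims only and does not validate the token.

```javascript
// Added example: audit the permissions carried by a Graph access token.
// Inspection only: the signature is NOT verified, so never use this
// to authorize a request.
const DECLARED = new Set([
  "SecurityActions.ReadWrite.All",
  "DeviceManagementManagedDevices.ReadWrite.All",
  "Directory.ReadWrite.All",
]);

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// App-only tokens list application permissions in `roles`;
// delegated tokens list scopes in the space-separated `scp` claim.
function grantedPermissions(claims) {
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const scopes =
    typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  return new Set([...roles, ...scopes]);
}

// Report permissions beyond the declared list and declared ones not granted.
function auditToken(token, declared = DECLARED) {
  const granted = grantedPermissions(decodeJwtPayload(token));
  const unexpected = [...granted].filter((p) => !declared.has(p)).sort();
  const missing = [...declared].filter((p) => !granted.has(p)).sort();
  return { unexpected, missing, ok: !unexpected.length && !missing.length };
}

// Constructed sample tokens (placeholder signature segment).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sig`;
}
const SAMPLE_OK = makeSampleToken({ roles: [...DECLARED] });
const SAMPLE_DRIFT = makeSampleToken({
  roles: ["SecurityActions.ReadWrite.All", "Directory.ReadWrite.All", "Mail.ReadWrite"],
});

console.log(auditToken(SAMPLE_OK), auditToken(SAMPLE_DRIFT));
```

An `unexpected` entry means the application holds more than the consent screen's documented list, which is the condition to alert on after each re-consent or application update.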
In addition, access to these APIs is doubly locked by our architecture. On the database side, PostgreSQL's Row-Level Security (RLS) mechanism guarantees that no command can reach outside the analyst's Workspace. On the user side, the Next.js middleware blocks and rejects any remediation command if the operator's session has not been validated by a strong second factor (AAL2 level MFA).
Conclusion: Speed, lightness and absolute safety
Zero Agent eliminates the technical friction of deployment while strengthening your security posture. You get instant 360-degree visibility into your cloud and endpoints, without burdening your machines or exposing your infrastructure to third-party vulnerabilities.
Ready to deploy your SOAR in less than 5 minutes? Experience the lightness of our Agentless Microsoft Security SOAR Orchestrator and connect your first test tenant today.