Microsoft Defender for Endpoint delivers preventative protection, post-breach detection, automated investigation, and response.
Integrating with Microsoft Defender for Endpoint gives visibility into the collection of machines that have communicated with the Microsoft Defender for Endpoint cloud, so you can identify your endpoint coverage.
This integration pulls machine objects from the Microsoft Defender for Endpoint security console that meet the following criteria:
- Devices last seen within your configured retention period
- Devices that the user (Application ID) has access to, based on device group settings
- Configure plugin: Configure the plugin with the required fields.
  - Client ID: The unique ID (aka client ID) of the app created for access.
  - Client secret: The value of the app secret (aka client secret) used to authenticate with the source.
  - Tenant ID: The unique tenant ID.
- Configure Name: OPTIONAL: You can give the configuration a name that identifies it and distinguishes it from other similar configurations.
- Activate Config: To enable this configuration and begin pulling data, select "Activate". If you wish to save the configuration and come back later to finish, select "Save Draft". This saves the configuration but keeps it disabled until it is activated.
You'll be asked to provide an app secret (aka client secret) that Sevco will use to connect to Microsoft Defender. This requires creating an app in Azure in order to provide API-based access. The following link will step you through creating the app. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide
NOTE: Be sure to enter the App Secret Value, not the Secret ID, when configuring the plugin.
The following permission(s) are required:
The following link will step you through editing application permissions. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide
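To see what the integration's pull looks like at the API level, here is an added example (not Sevco's code) that authenticates with the three fields above using the client-credentials flow, requests machines last seen within a retention period from the Defender for Endpoint /api/machines endpoint, and summarises coverage by device group and health status. Function names, the environment-free credential handling and the SAMPLE_MACHINES data are assumptions of this example.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
API_BASE = "https://api.securitycenter.microsoft.com/api"
SCOPE = "https://api.securitycenter.microsoft.com/.default"

def last_seen_filter(retention_days, now=None):
    """OData $filter selecting devices last seen within the retention period."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=retention_days)
    return "lastSeen gt " + cutoff.strftime("%Y-%m-%dT%H:%M:%SZ")

def get_token(tenant_id, client_id, client_secret):
    """Client-credentials grant. The secret VALUE goes here, not the Secret ID."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "scope": SCOPE, "grant_type": "client_credentials"}).encode()
    with urlopen(Request(TOKEN_URL.format(tenant=tenant_id), data=body)) as resp:
        return json.load(resp)["access_token"]

def fetch_machines(token, retention_days):
    """GET /api/machines; the app only sees device groups it has been granted."""
    query = urlencode({"$filter": last_seen_filter(retention_days)})
    req = Request(f"{API_BASE}/machines?{query}", headers={"Authorization": f"Bearer {token}"})
    with urlopen(req) as resp:
        return json.load(resp)["value"]

def coverage_summary(machines):
    """Count devices by device group (rbacGroupName) and by healthStatus."""
    summary = {"total": 0, "by_group": {}, "by_health": {}}
    for m in machines:
        summary["total"] += 1
        group = m.get("rbacGroupName") or "<ungrouped>"
        summary["by_group"][group] = summary["by_group"].get(group, 0) + 1
        health = m.get("healthStatus", "Unknown")
        summary["by_health"][health] = summary["by_health"].get(health, 0) + 1
    return summary

# Constructed sample in the shape /api/machines returns, for running offline.
SAMPLE_MACHINES = [
    {"id": "m1", "computerDnsName": "ws01.example.test", "rbacGroupName": "Workstations",
     "healthStatus": "Active", "lastSeen": "2024-05-02T10:00:00Z"},
    {"id": "m2", "computerDnsName": "srv01.example.test", "rbacGroupName": "Servers",
     "healthStatus": "Inactive", "lastSeen": "2024-04-28T10:00:00Z"},
    {"id": "m3", "computerDnsName": "ws02.example.test",
     "healthStatus": "Active", "lastSeen": "2024-05-03T10:00:00Z"},
]
```

Against a live tenant, `coverage_summary(fetch_machines(get_token(tenant, client_id, secret), 30))` reproduces the two pull criteria above: the retention window via the lastSeen filter, and device-group scoping via what the app is permitted to see.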
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].