Microsoft Defender for Endpoint (aka ATP) – Devices
About
Microsoft Defender for Endpoint provides real-time monitoring and threat detection for device management. Users can take advantage of the platform's automated remediation, analytics, and security compliance features to build and maintain a proactive endpoint protection strategy.
Why You Should Integrate
Integrating with Microsoft Defender for Endpoint will provide visibility into a collection of Machines that have communicated with Microsoft Defender for Endpoint cloud to identify your endpoint coverage.
How Does the Integration Work
This integration pulls machine objects from Microsoft Defender for Endpoint security console that meet the following criteria.
- Devices last seen according to your configured retention period
- Devices that the user (ApplicationID) has access to, based on device group settings
This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
If you haven't already, please review our instructions for configuring the Microsoft Active Directory integration before proceeding with the instructions below.
Configuration Options
Tenant ID
This access schema includes all device assets associated with your Tenant ID.
| Field | Description | Example |
|---|---|---|
Tenant ID* | The unique tenant ID associated with the devices you would like to import into Sevco | 00000000-0000-0000-0000-000000000000 |
Tenant ID and Onboarding Status Settings
This access schema only includes device assets associated with your Tenant ID that belong to the categories you have selected.
| Field | Description | Example |
|---|---|---|
Tenant ID* | The unique tenant ID associated with the devices you would like to import into Sevco | 00000000-0000-0000-0000-000000000000 |
Include Onboarded Status | Imports devices that are in an Onboarded status into your Device Inventory | n/a |
Include Insufficient Info Status | Imports devices that are in an Insufficient Info status into your Device Inventory | n/a |
Include Can Be Onboarded Status | Imports devices that are in a Can Be Onboarded status into your Device Inventory | n/a |
Include Unsupported Status | Imports devices that are in an Unsupported status into your Device Inventory | n/a |
Source Documentation
Creating credentials
See platform documentation for details on Microsoft Defender for Endpoint - Creating Credentials
Required Permissions
The following permission(s) are required:
Machine.Read.All
Click here for instructions on editing application permissions.
API Documentation
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Tags: cloud, epp-edr
Updated 4 months ago