sevco.io

Microsoft Defender for Endpoint (aka ATP) – Devices

About

Microsoft Defender for Endpoint provides real-time monitoring and threat detection for device management. Users can take advantage of the platform's automated remediation, analytics, and security compliance features to build and maintain a proactive endpoint protection strategy.

Why You Should Integrate

Integrating with Microsoft Defender for Endpoint provides visibility into the collection of machines that have communicated with the Microsoft Defender for Endpoint cloud, which helps you identify your endpoint coverage.

How Does the Integration Work

This integration pulls machine objects from the Microsoft Defender for Endpoint security console that meet the following criteria:

  • Devices last seen according to your configured retention period
  • Devices that the user (ApplicationID) has access to, based on device group settings

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.


⚠️ If you haven't already, please review our instructions for configuring the Microsoft Active Directory integration before proceeding with the instructions below.

Configuration Options

Tenant ID

This access schema includes all device assets associated with your Tenant ID.

| Field | Description | Example |
|---|---|---|
| Tenant ID* | The unique tenant ID associated with the devices you would like to import into Sevco | 00000000-0000-0000-0000-000000000000 |

Tenant ID and Onboarding Status Settings

This access schema only includes device assets associated with your Tenant ID that belong to the categories you have selected.

| Field | Description | Example |
|---|---|---|
| Tenant ID* | The unique tenant ID associated with the devices you would like to import into Sevco | 00000000-0000-0000-0000-000000000000 |
| Include Onboarded Status | Imports devices that are in an Onboarded status into your Device Inventory | n/a |
| Include Insufficient Info Status | Imports devices that are in an Insufficient Info status into your Device Inventory | n/a |
| Include Can Be Onboarded Status | Imports devices that are in a Can Be Onboarded status into your Device Inventory | n/a |
| Include Unsupported Status | Imports devices that are in an Unsupported status into your Device Inventory | n/a |
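
The retention-window criterion and the onboarding status options above, applied to machine objects as an added example (not Sevco's code and not part of the original page). The sample records, the function names, and the mapping from option labels to API status values are assumptions; the lastSeen and onboardingStatus field names follow Microsoft's machine resource, and device group scoping is enforced by the API for the application and is not modeled here.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the "value" array of a List Machines response.
SAMPLE = json.loads("""{"value": [
 {"id": "m-001", "lastSeen": "2024-05-30T08:15:03.7791856Z", "onboardingStatus": "Onboarded"},
 {"id": "m-002", "lastSeen": "2024-03-01T00:00:00Z", "onboardingStatus": "Onboarded"},
 {"id": "m-003", "lastSeen": "2024-05-20T12:00:00Z", "onboardingStatus": "CanBeOnboarded"},
 {"id": "m-004", "lastSeen": "2024-05-25T09:30:00Z", "onboardingStatus": "Unsupported"},
 {"id": "m-005", "lastSeen": "2024-05-10T00:00:00Z", "onboardingStatus": "InsufficientInfo"}
]}""")["value"]

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "current time"

# Assumed mapping from the configuration option labels to API status values.
OPTION_TO_STATUS = {
    "Include Onboarded Status": "Onboarded",
    "Include Insufficient Info Status": "InsufficientInfo",
    "Include Can Be Onboarded Status": "CanBeOnboarded",
    "Include Unsupported Status": "Unsupported",
}

def parse_last_seen(value):
    """Parse a UTC timestamp, dropping fractional seconds (the API may send 7 digits)."""
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def select_machines(machines, now, retention_days, enabled_options=None):
    """Return ids of machines inside the retention window and, if options are
    given, in one of the selected onboarding statuses (None = Tenant ID schema)."""
    cutoff = now - timedelta(days=retention_days)
    wanted = None
    if enabled_options is not None:
        wanted = {OPTION_TO_STATUS[o].lower() for o in enabled_options}
    selected = []
    for m in machines:
        if parse_last_seen(m["lastSeen"]) < cutoff:
            continue  # last seen before the retention window
        if wanted is not None and m.get("onboardingStatus", "").lower() not in wanted:
            continue  # status category not enabled
        selected.append(m["id"])
    return selected

if __name__ == "__main__":
    print(select_machines(SAMPLE, NOW, 30))
    print(select_machines(SAMPLE, NOW, 30, ["Include Onboarded Status"]))
```

With only Include Onboarded Status enabled, machines in the other three statuses drop out of the inventory, so a count built from that schema reflects onboarded endpoints rather than everything Defender has observed.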

Source Documentation

Creating credentials

See platform documentation for details on Microsoft Defender for Endpoint - Creating Credentials

Required Permissions

The following permission(s) are required:

  • Machine.Read.All

Click here for instructions on editing application permissions.

API Documentation

List Machines API

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].

Tags: cloud, epp-edr