Microsoft Defender For Endpoint Configuration Guide
1. Introduction
- The Base Endpoint URL, Client ID, Client Secret, and Tenant ID are required in order to configure Microsoft Defender in ASCERA.
2. Prerequisites
- Ensure you have created an Active Directory Application. Please see the steps for creating an app to access Microsoft Defender for Endpoint without a user.
3. Microsoft Defender For Endpoint Setup Guide
3.1. Generate a secret in App registration
- Log in to your Azure Console instance with administrative privileges.
- Click Certificates & secrets, add a description, and select Add.
- Copy and store the secret value; you will not be able to see it again.
3.2. Set API Permissions
- Click Manage > API permissions
- Add the following permissions
  - WindowsDefenderATP
    - Machine.Read.All
    - Machine.ReadWrite.All
    - Machine.Read
    - Machine.ReadWrite
- Make sure to Grant admin consent
3.3. Parameter Retrieval
In order to be able to create a Connector Profile, you will need the below inputs:
- URL: The Base Endpoint URL for your App Registration. For example, https://api-us3.securitycenter.microsoft.com/api
- Client ID: The Client Id. You can get the id under App Registration → Overview → displayed at the top.
- Client Secret: This is the Client Secret from step 3.1.
- Tenant ID: This is the value in the App Registration → Overview → displayed at the top.
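Before entering these four values into a Connector Profile, they can be checked with a short preflight script. The following is an added example, not part of the original guide or of ASCERA: it rejects a mistyped API host, requests an app-only token with the client-credentials flow, and reports which permissions from step 3.2 are absent from the token. The trusted host suffixes, the assumption that the two `.All` permissions appear in the token's `roles` claim after admin consent, and all function names are assumptions of this example.

```python
import base64, json, urllib.parse, urllib.request

# Assumption: host suffixes accepted for the Defender for Endpoint API.
TRUSTED_SUFFIXES = (".securitycenter.microsoft.com", ".security.microsoft.com")
# Assumption: the application-type permissions from step 3.2 show up in the
# "roles" claim of an app-only token once admin consent has been granted.
REQUIRED_ROLES = {"Machine.Read.All", "Machine.ReadWrite.All"}
SCOPE = "https://api.securitycenter.microsoft.com/.default"

def check_base_url(url):
    """Return the URL unchanged, or raise if it is not HTTPS on a trusted host."""
    parts = urllib.parse.urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not ("." + host).endswith(TRUSTED_SUFFIXES):
        raise ValueError(f"untrusted base URL host: {host!r}")
    return url

def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth 2.0 client-credentials request (secret goes in the body)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": SCOPE}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def missing_roles(access_token, required=REQUIRED_ROLES):
    """Read the JWT payload (diagnostic only, no signature check) and
    return the required roles that the token does not carry."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return sorted(set(required) - set(claims.get("roles", [])))

def preflight(base_url, tenant_id, client_id, client_secret):
    """Live check: validate the URL, fetch a token, report missing roles."""
    check_base_url(base_url)
    req = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return missing_roles(json.load(resp)["access_token"])

def constructed_token(roles):
    """Build an unsigned sample token for offline demonstration only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles})}.sig"

if __name__ == "__main__":
    print(missing_roles(constructed_token(["Machine.Read.All"])))
```

An empty list from `preflight` means the token carries every required role; pass the client secret from a secret store or environment variable rather than a command-line argument.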