Skip to main content

Microsoft Defender For Endpoints Microsoft Defender For Endpoints

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Creating a Microsoft Defender For Endpoints Connection

Create the connection by using one of the following methods:

Stage One: The Azure Portal

To create the connection you need:

  • A Client ID
  • A Client Secret
  • A Tenant ID

Obtaining the Credentials

note

Please note, when you hover when you move your cursor to the lower part of the arcade screen, navigation tabs will emerge. These tabs enable you to freely navigate through the tutorial at your convenience.

Obtaining the Credentials Written Step-By-Step Guide

  1. Log into the Azure Portal.

  2. Go to the Microsoft Entra ID resource.

  3. In the left-hand menu, click App registrations.

  4. Select the app for which you want to grant permission.

  5. In the left-hand menu, click API permissions.

  6. Click Add a permission and select WindowsDefenderATP.

  7. Click Application permissions and select the following permission:

    • Machine.ReadWrite.All
    • User.Read
    • Machine.Isolate
    • Machine.LiveResponse

  8. Click Add permissions to save the changes.

  9. Click Grant admin consent for <your tenant> on the API permissions page.

Creating your Connection using App Registration or OAuth

Creating your Connection using App Registration Written Step-By-Step Guide

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the Microsoft Defender For Endpoints icon. A dialog box with name of the connection and connection methods appear.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Select App Registration as the method to create the connection.
  5. Fill in the parameters:
    • The Client ID
    • The Client Secret
    • The Tenant ID
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.

Creating your Connection using OAuth Written Step-By-Step Guide

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the Microsoft Defender For Endpoints icon. A dialog box with name of the connection and connection methods appear.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Click OAuth to authenticate using OAuth.
  5. Sign in using your credentials.