...

networks from cyber threats. In this article, we will focus on the steps required to integrate Microsoft Defender for Endpoint with the platform, a cloud security posture management platform.

...

Before setting up the integration, you need to prepare your instance of Defender to be connected to the platform. Here are the steps to do so:

...

Note

Depending on the expiration date set, the credentials may need to be regenerated and updated within the platform. Otherwise, the connected accounts and imports will fail.

Make sure to copy the secret value as it will be obfuscated once you move away from that page.

  • Select "API Permissions" from the menu and click on "Add a permission."

  • In the "Request API permissions" widget on the right side, find "WindowsDefenderATP" permissions under "APIs my organization uses."

  • Select the checkboxes for API permission as shown below and click on "Add Permissions."

    • The following application permissions checkboxes should be selected:

      • AdvancedQuery.Read.All

      • Alert.Read.All

  • For the permissions to take effect, grant admin consent for the API permissions. Click the "Yes" button to confirm.

  • Once consent is granted, the API permissions page should show a granted status next to each of the "WindowsDefenderATP" permission names.

  • Make note of the "Application (client) ID" and "Directory (tenant) ID" from the overview tab. These IDs will be used in the Connected Accounts setup within the platform.

The required permissions are detailed below to help troubleshoot any missing permissions or authorization errors.

| Permission Name | Permission Display Name | Permission Type | Requirement |
|---|---|---|---|
| Vulnerability.Read.All | Read Threat and Vulnerability Management vulnerability information | Application | Required |
| Machine.Read.All | Read all machine profiles | Application | Required |
| SecurityRecommendation.Read.All | Read Threat and Vulnerability Management security recommendation information | Application | Highly recommended |
| RemediationTasks.Read.All | Read Threat and Vulnerability Management vulnerability information | Application | Highly recommended |
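One way to troubleshoot missing permissions, as an added example that is not part of the original page or the vendor's code: request an access token with the client ID, client secret and tenant ID, then decode it and compare its `roles` claim (where Microsoft Entra ID lists granted application permissions) against the permission names on this page. The function names are hypothetical and the sample token is constructed.

```python
import base64
import json

# Permission names taken from this page: the table and the setup checklist.
REQUIRED = {"Vulnerability.Read.All", "Machine.Read.All"}
RECOMMENDED = {"SecurityRecommendation.Read.All", "RemediationTasks.Read.All"}
CHECKLIST = {"AdvancedQuery.Read.All", "Alert.Read.All"}


def token_roles(access_token):
    """Return the application permissions ('roles' claim) in a JWT access token.

    The signature is NOT verified: this is a local diagnostic on a token you
    requested yourself, not an authentication check.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))  # claim is absent when nothing was consented


def permission_gaps(access_token):
    """Compare granted roles with the page's lists and return what is missing."""
    granted = token_roles(access_token)
    return {
        "missing_required": sorted(REQUIRED - granted),
        "missing_recommended": sorted(RECOMMENDED - granted),
        "missing_checklist": sorted(CHECKLIST - granted),
    }


def constructed_token(roles):
    """Build an unsigned sample token for the demo (constructed, not real)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    sample = constructed_token(["Machine.Read.All", "Alert.Read.All"])
    for kind, names in permission_gaps(sample).items():
        print(f"{kind}: {', '.join(names) or 'none'}")
```

An empty `missing_required` list means the required permissions were added and admin consent was applied; treat the decoded token as a secret while it is valid.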

Connecting Microsoft Defender for Endpoint to the Platform

After completing the steps to prepare Defender to accept connections from the platform, follow the steps below to set up the Connected Accounts details:

...

  • Click the "+" box to add your details.

...

  • The platform will ask you for the following details:

    • Name: Provide a recognizable name to use within the platform for your Defender instance.

    • Client ID: This is taken from your Azure setup and is the "Application (client) ID" you made note of earlier.

    • Client Secret: This is taken from your Azure setup earlier when creating your "New Client Secret."

    • Tenant ID: This is taken from your Azure setup and is the "Directory (tenant) ID" you made note of earlier.

By following these steps, you can easily integrate Microsoft Defender for Endpoint with the platform, enabling you to enhance your security posture and protect your devices and networks from cyber threats.