...
networks from cyber threats. In this article, we will focus on the steps required to integrate Microsoft Defender for Endpoint with the Prism platform, a cloud security posture management platform.
...
Before setting up the integration, you need to prepare your instance of Defender to be connected to the Prism platform. Here are the steps to do so:
...
Note |
---|
Depending on the expiration date set, the credentials may need to be regenerated and updated within the Prism platform; otherwise, the connected accounts and imports will fail. Make sure to copy the secret value when it is created, as it will be obfuscated once you move away from that page. |
Select "API Permissions" from the menu and click on "Add a permission."
In the "Request API permissions" widget on the right side, find "WindowsDefenderATP" permissions under "APIs my organization uses."
Select the checkboxes for API permission as shown below and click on "Add Permissions."
The following application permissions checkboxes should be selected:
AdvancedQuery.Read.All
Alert.Read.All
For the permissions to take effect, grant admin consent for the API permissions and click the "Yes" button to confirm.
Once consent is granted, the API permissions page should show a granted status next to each of the "WindowsDefenderATP" permission names.
Make note of the "Application (client) ID" and "Directory (tenant) ID" from the overview tab. These IDs will be used in the Connected Accounts setup within the Prism platform.
The required permissions are listed below to help troubleshoot any missing permissions or authorization errors.
Permission Name | Permission Display Name | Permission Type | Requirement |
---|---|---|---|
Vulnerability.Read.All | Read Threat and Vulnerability Management vulnerability information | Application | Required |
Machine.Read.All | Read all machine profiles | Application | Required |
SecurityRecommendation.Read.All | Read Threat and Vulnerability Management security recommendation information | Application | Highly recommended |
RemediationTasks.Read.All | Read Threat and Vulnerability Management vulnerability information | Application | Highly recommended |
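
When troubleshooting against the table above, it helps to check which of these permissions actually appear in an access token issued to the app registration, since granted application permissions are carried in the token's `roles` claim. The following is an added example, not part of the original article or the platform's own code: it assumes a token has already been obtained with the client credentials, and the helper names, sample token and placeholder tenant ID are constructed for illustration.

```python
import base64
import json

# Permission names copied from this page's steps and troubleshooting table.
REQUIRED = {"Vulnerability.Read.All", "Machine.Read.All"}
RECOMMENDED = {"SecurityRecommendation.Read.All", "RemediationTasks.Read.All"}
SELECTED_IN_STEPS = {"AdvancedQuery.Read.All", "Alert.Read.All"}


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    return f"{_b64url({'alg': 'none', 'typ': 'JWT'})}.{_b64url(claims)}.constructed"


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, tenant_id: str) -> dict:
    """Report which permissions named on this page are absent from the token."""
    claims = jwt_claims(token)
    granted = set(claims.get("roles", []))  # claim is absent if nothing was consented
    return {
        "tenant_matches": claims.get("tid") == tenant_id,
        "missing_required": sorted(REQUIRED - granted),
        "missing_recommended": sorted(RECOMMENDED - granted),
        "missing_from_steps": sorted(SELECTED_IN_STEPS - granted),
    }


if __name__ == "__main__":
    SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder value
    sample = make_sample_token({  # constructed claims, not a real token
        "tid": SAMPLE_TENANT,
        "roles": ["Machine.Read.All", "Alert.Read.All", "AdvancedQuery.Read.All"],
    })
    for key, value in audit_token(sample, SAMPLE_TENANT).items():
        print(f"{key}: {value}")
```

Decoding locally keeps the bearer token out of web-based decoders; an empty `roles` claim usually means admin consent was never granted.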
Connecting Microsoft Defender for Endpoint to the Platform
After completing the steps to prepare Defender to accept connections from the Prism platform, follow the steps below to set up the Connected Accounts details:
...
Click the "+" box to add your details.
...
The Prism platform will ask you for the following details:
Name: Provide a recognizable name to use within the Prism platform for your Defender instance.
Client ID: This is taken from your Azure setup and is the "Application (client) ID" you made note of earlier.
Client Secret: This is taken from your Azure setup earlier when creating your "New Client Secret."
Tenant ID: This is taken from your Azure setup and is the "Directory (tenant) ID" you made note of earlier.
By following these steps, you can easily integrate Microsoft Defender for Endpoint with the Prism platform, enabling you to enhance your security posture and protect your devices and networks from cyber threats.