Setting up Microsoft Azure (as part of Configuring Microsoft Defender)

Microsoft Azure is a cloud-based security solution that provides advanced threat protection using your on-premises Active Directory signals to identify, detect and investigate threats directed at your organization.

Important! This setup is required as part of configuring the Microsoft Defender Vulnerability Management with Microsoft Defender for Endpoint Connector.

For information about vulnerabilities and machines use the following links:

For information about permissions, see the Permission Table.

Important! Ensure that you configure this Connector to ingest the required Cisco Vulnerability Management data. For more information, see Microsoft Defender Vulnerability Management and Microsoft Defender for Endpoint Connector.

To Set Up Microsoft Azure

1. Log in to Microsoft Azure.

2. On the main menu, click App registrations.

3. On the App registrations page, click New registration.

4. Name the application and then select the Accounts in the organizational directory only radio button.

5. Click the newly created application and select Certificates & Secrets from the menu. Click New Client Secret. Type a Description for the secret, and then in the Expires field, set an expiration date. Click Add.

6. From the menu, click API Permissions, and then click Add.

7. On the Request API permissions page, select WindowsDefenderATP permissions under APIs my organization uses.

8. Click the API permission checkboxes, and then click Add Permissions. For all required WindowsDefenderATP permissions, see the Permission Table.

9. On the API permissions page in the Grant admin consent confirmation section, click Yes for the permissions to take effect.

10. When the permission is granted, the API permissions page has the following information.

Note: Make a note of the Cisco Vulnerability Management application client ID and Directory tenant ID. These IDs are required for the connector configuration.

Permission Table

Important! The following WindowsDefenderATP permissions are required. If the permission is not configured as specified, the connector run will fail with a Not Authorized error.

 

| Permission | Permission Type | Permission Display Name | Requirement |
|---|---|---|---|
| Vulnerability.Read.All | Application | Read Threat and Vulnerability Management vulnerability information | Required |
| Machine.Read.All | Application | Read all machine profiles | Required |
| SecurityRecommendation.Read.All | Application | Read Threat and Vulnerability Management security recommendation information | Required |
| RemediationTasks.Read.All | Application | Read Threat and Vulnerability Management vulnerability information | Required |
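One way to confirm that all four permissions are in effect before running the connector is to request an app-only token with the new client secret and inspect its roles claim. This is an added example, not part of the original article or of any Cisco or Microsoft code. The function names are hypothetical, the sample token is constructed, and the token endpoint and scope are assumptions taken from Microsoft's Defender for Endpoint API documentation rather than from this page.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions from the Permission Table on this page.
REQUIRED_ROLES = {
    "Vulnerability.Read.All",
    "Machine.Read.All",
    "SecurityRecommendation.Read.All",
    "RemediationTasks.Read.All",
}

def fetch_token(tenant_id, client_id, client_secret):
    """Client-credentials request (needs network). Endpoint and scope are
    assumptions from Microsoft's API documentation, not from this page."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://api.securitycenter.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=form), timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_roles(access_token):
    """Return the 'roles' claim of a JWT. Diagnostic only: signature is not verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))

def missing_permissions(access_token):
    """Required permissions absent from the token (empty list means ready)."""
    return sorted(REQUIRED_ROLES - token_roles(access_token))

def make_sample_token(roles):
    """Constructed, unsigned sample token so the check can run offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    # Constructed sample: an app registration with only two permissions granted.
    sample = make_sample_token(["Machine.Read.All", "Vulnerability.Read.All"])
    print("missing:", missing_permissions(sample))
```

With real credentials, pass the result of fetch_token(tenant_id, client_id, client_secret) to missing_permissions. Any names it returns are permissions that still need to be added or consented to.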

 
