Microsoft Azure is a cloud-based security solution that provides advanced threat protection using your on-premises Active Directory signals to identify, detect and investigate threats directed at your organization.
Important: It is required as part of configuring the Microsoft Defender Vulnerability Management with Microsoft Defender for Endpoint Connector.
For information about vulnerabilities and machines, use the following links:
For information about permissions, see the Permission Table.
Important: Ensure you configure this Connector to ingest the required Cisco Vulnerability Management data. For more information, see Microsoft Defender Vulnerability Management and Microsoft Defender for Endpoint Connector.
To Set Up Microsoft Azure
1. Log in to Microsoft Azure.
2. On the main menu, click App registrations.
3. On the App registrations page, click New registration.
4. Name the application, and then select the Accounts in the organizational directory only radio button.
5. Click the newly created application and select Certificates & Secrets from the menu. Click New Client Secret. Type a Description for the secret, and then in the Expires field, set an expiration date. Click Add.
6. From the menu, click API Permissions, and then click Add.
7. On the Request API permissions page, under APIs my organization uses, select WindowsDefenderATP permissions.
8. Click the API permission checkboxes, and then click Add Permissions.
Important: The following WindowsDefenderATP permissions are required. If the permission is not configured as specified, the connector run will fail with a Not Authorized error.
| Permission | Permission Type | Permission Display Name | Requirement |
| --- | --- | --- | --- |
| Vulnerability.Read.All | Application | Read Threat and Vulnerability Management vulnerability information | Required |
| Machine.Read.All | Application | Read all machine profiles | Required |
| SecurityRecommendation.Read.All | Application | Read Threat and Vulnerability Management security recommendation information | Required |
| RemediationTasks.Read.All | Application | Read Threat and Vulnerability Management vulnerability information | Required |
9. On the API permissions page, in the Grant admin consent confirmation section, click Yes for the permissions to take effect.
10. When the permission is granted, the API permissions page has the following information.
Note the Cisco Vulnerability Management application client ID and Directory tenant ID. These IDs are required for the connector configuration.
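A pre-flight check for the permission requirement above, as an added example that is not part of the original page: it decodes the `roles` claim of an app-only access token issued to the new registration and lists any of the four required permissions that are absent, which is the condition behind the Not Authorized error. The helper names, the sample token and the placeholder IDs are constructed for illustration; the payload is decoded without signature verification, so this is a diagnostic and not token validation.

```python
import base64
import json

# The four application permissions the table above lists as Required.
REQUIRED_ROLES = {
    "Vulnerability.Read.All", "Machine.Read.All",
    "SecurityRecommendation.Read.All", "RemediationTasks.Read.All",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(token: str) -> dict:
    """Report the IDs in the token and any required permission it lacks."""
    claims = decode_claims(token)
    roles = claims.get("roles", [])  # application permissions granted by admin consent
    return {
        "tenant_id": claims.get("tid"),
        # v1.0 tokens carry the client ID in "appid", v2.0 tokens in "azp"
        "client_id": claims.get("appid") or claims.get("azp"),
        "missing": sorted(REQUIRED_ROLES - set(roles)),
    }


def make_sample_token(roles: list) -> str:
    """Build a constructed, unsigned token; all IDs are placeholders."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({
        "tid": "00000000-0000-0000-0000-000000000001",
        "appid": "00000000-0000-0000-0000-000000000002",
        "roles": roles,
    }).encode())
    return f"{header}.{body}.constructed-signature"


if __name__ == "__main__":
    # Constructed case: consent covers only two of the four permissions.
    print(preflight(make_sample_token(["Machine.Read.All", "Vulnerability.Read.All"])))
```

An empty `missing` list means all four permissions reached the token. Treat a real access token as a credential and run the check locally rather than pasting the token into an online decoder.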