Microsoft Defender ATP Required Setup

Microsoft Defender ATP in Azure must be configured for the Microsoft Defender for Endpoint TVM Connector to access the necessary data for Cisco Vulnerability Management ingestion.

1) Login to Azure (https://portal.azure.com/).

2) Select App registrations from the main menu.

3) Select New registration.

4) Name the application and select Accounts in this organizational directory only radio button.

5) Click on the newly created application and select Certificates & Secrets from the menu. Select New Client Secret. Enter Description for the secret and set expiration date in the Expires field. Click the Add button.

1. • Depending on the expiration date set, the credentials need to be regenerated and updated in Cisco Vulnerability Management. Otherwise, the connector runs will fail.
   • Make sure to copy the secret value as it will be obfuscated once you move away from that page.

6) Select API Permissions from the menu and click on Add a permission.

7) In the Request API permissions widget on the right side, find WindowsDefenderATP permissions under APIs my organization uses.

8) Select the checkboxes for API permission as shown below and click on Add Permissions.

• See table below for all required WindowsDefenderATP permissions

9) For the permission to take effect please Grant admin consent confirmation to the api permissions. Click the Yes button.

10) Once the permission is granted, the API permissions page will look like the following.

11) Make note of the Cisco Vulnerability Management application client ID and Directory tenant ID. These IDs are required for the connector configuration in Kenna.

Important: The following WindowsDefenderATP permissions are required. If the permission is not configured as specified, The connector run will fail with a “Not Authorized” error.