Microsoft Defender ATP

Microsoft Defender Advanced Threat Protection (ATP) helps enterprise networks prevent, detect, investigate, and respond to advanced threats.

Parameters

  1. Tenant ID (required) - The Azure Tenant ID.
  2. Client ID (required) - The Application ID of the Axonius application.
  3. Client Secret (required) - A user-created key for the Axonius application.
  4. Verify SSL (required, default: False) - Verify the SSL certificate offered by Microsoft Defender ATP. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by Microsoft Defender ATP will be verified against the CA database inside of Axonius. If the SSL certificate cannot be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by Microsoft Defender ATP will not be verified against the CA database inside of Axonius.
  5. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to Microsoft Defender ATP.
    • If supplied, Axonius will utilize the proxy when connecting to Microsoft Defender ATP.
    • If not supplied, Axonius will connect directly to Microsoft Defender ATP.

NOTE

For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

  1. Fetch users (required, default: False) - Select whether to fetch information for users associated with fetched devices from Microsoft Defender ATP.
    • If enabled, all connections for this adapter will fetch information for users associated with fetched devices from Microsoft Defender ATP.
    • If disabled, all connections for this adapter will not fetch any user data.
  2. Fetch applications (required, default: False) - Select whether to fetch installed applications from Microsoft Defender ATP.
    • If enabled, all connections for this adapter will fetch the installed applications on devices.
    • If disabled, all connections for this adapter will not fetch the installed applications on devices.
  3. Fetch vulnerabilities (required, default: False) - Choose whether to fetch devices' vulnerabilities from Microsoft Defender ATP.
    • If enabled, all connections for this adapter will fetch vulnerabilities data from Microsoft Defender ATP.
    • If disabled, all connections for this adapter will not fetch any vulnerability data from Microsoft Defender ATP.

NOTE

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Configuring the application in the Microsoft Azure portal

  1. Log in to the Azure Portal with an administrator account.

  2. Select Azure Active Directory. If you have more than one directory, make sure you are logged in to the right directory. If you are not, click on the top-right account logo and then click "Switch Directory" and select the directory you want Axonius to access.

  3. Select App registrations and click New registration. Fill in the details and click Register.

  4. After you have created the app, you should see its Application ID and Directory ID. Keep these values; they are known as the Client ID and Tenant ID.

  5. In the left menu, click Certificates & Secrets, then click New Client Secret. Click Add and copy the secret.

  6. In the left menu, click API Permissions and then Add a permission. Then select 'APIs my organization uses' and select the Microsoft Defender ATP API.

  7. Add the permissions Machine.Read.All, Vulnerability.Read.All, Software.Read.All, User.Read.All.

  8. Finally, click 'Grant admin consent for Default Directory' to apply these permissions.
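
To confirm that steps 7 and 8 took effect, you can inspect the `roles` claim of an access token issued to the registered application, since app-only tokens carry their granted application permissions there. The Python check below is an added example, not Axonius or Microsoft code; it assumes you already hold such a token, and the helper names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions listed in step 7 of this page.
REQUIRED_ROLES = {"Machine.Read.All", "Vulnerability.Read.All",
                  "Software.Read.All", "User.Read.All"}


def _b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token):
    """Return the set of application permissions in the token's 'roles' claim."""
    # The signature is NOT verified: this inspects a token you requested
    # yourself and must never be used as an authentication check.
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = claims.get("roles", [])
    if not isinstance(roles, list):
        raise ValueError("unexpected type for 'roles' claim")
    return set(roles)


def audit_roles(access_token, required=REQUIRED_ROLES):
    """Compare the granted permissions with the set this page asks for."""
    granted = token_roles(access_token)
    return {
        "missing": sorted(required - granted),  # not added, or consent not granted
        "extra": sorted(granted - required),    # broader than the adapter needs
    }


def make_sample_token(roles):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    sample = make_sample_token(["Machine.Read.All", "User.Read.All", "Machine.ReadWrite.All"])
    print(audit_roles(sample))
```

An empty `missing` list means all four permissions were consented; anything under `extra` is a write or otherwise unneeded permission worth removing from the app registration.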