Microsoft Defender External Attack Surface Management (Defender EASM)

Microsoft Defender External Attack Surface Management discovers and maps the digital attack surface and provides an external view of a company’s online infrastructure.

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices

Parameters

1. Azure Tenant ID (required) - The Microsoft Entra ID (Azure AD) ID.

2. Azure Client ID (required) - The Application ID of the Axonius application.

3. Azure Subscription ID (required) - The Microsoft Entra ID (Azure AD) Subscription ID.

4. Azure Client Secret (required) - Specify a non-expired key generated from the new client secret.

5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

6. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

7. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

8. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

APIs

Axonius uses the Microsoft Defender EASM REST API.

Required Permissions

To connect to Microsoft Entra ID (Azure AD), you need to create a Designated Axonius application in the Microsoft Azure Portal and grant it read-only permissions. All required credentials will be given once an application is created. For details, see Creating an application in the Microsoft Azure Portal.

Apply the same permissions as are used on the Microsoft Entra ID (Azure AD) adapter. The required permissions are as follows:

• AuditLog.Read.All
• Directory.Read.All
• Application.Read.All

Supported From Version

Supported from Axonius version 6.0