Create Azure App Registration
Synchronizing data from Microsoft Defender for Endpoint is done using application permissions. This section configures the permissions that Power BI requires to connect to the Microsoft APIs and retrieve the data.
Prerequisites: The user performing this step requires Global Admin and Subscription Admin rights.
Step 1
- Log in to portal.azure.com using a global administrator account.
- Search for and select App registrations.
- Select New registration.
Step 2
- Enter a Name for the application. (This will not be seen by anyone other than admins.)
- Specify who can use the application as Accounts in this organizational directory only.
- Select Register.
Step 3
- On the Enterprise App page select API Permissions.
- Remove the User.Read permission.
- Select Add a permission.
Step 4
- Select Microsoft Graph.
Step 5
- Select Application permissions.
Step 6
- Search for Security.
- Select the following permissions:
  - SecurityAlert.Read.All
  - SecurityEvents.Read.All
  - SecurityIncident.Read.All
- Do not select the Add permissions button; continue to the next step.
Step 7
- Search for Directory.
- Select the following permissions:
  - Directory.Read.All
- Do not select the Add permissions button; continue to the next step.
Step 8
- Search for ThreatHunting.
- Select ThreatHunting.Read.All.
- Select the Add permissions button.
Step 9
- On the Enterprise App page select API Permissions.
- Select Add a permission.
Step 10
- Select APIs my organization uses.
- Search for WindowsDefenderATP.
- Select WindowsDefenderATP in the search results.
Step 11
- Select Application permissions.
Step 12
- Search for Machine.
- Select the following permissions:
  - Machine.Read.All
- Do not select the Add permissions button; continue to the next step.
Step 13
- Search for SecurityRecommendation.
- Select the following permissions:
  - SecurityRecommendation.Read.All
- Do not select the Add permissions button; continue to the next step.
Step 14
- Search for Software.
- Select the following permissions:
  - Software.Read.All
- Do not select the Add permissions button; continue to the next step.
Step 15
- Search for Vulnerability.
- Select the following permissions:
  - Vulnerability.Read.All
- Select the Add permissions button.
Step 16
- Select Grant admin consent for <your company name>.
Step 17
- Select Yes at the prompt.
Step 18
- Select Certificates & secrets.
- Select New client secret.
- Enter a Description.
- Select a value for Expires.
- Select Add.
Step 19
- Record the Value data as the Azure AD Client Secret. This will be used later in the installation process. The value can only be displayed once; if you fail to record it here, you will have to create a new one.
- NOTE: This is the most common mistake made. You do not need the "Secret ID". You just need the "Value".
Step 20
- Select Overview.
- Record the Application (client) ID as the Azure AD Client ID. This will be used later in the installation process.
- Record the Directory (tenant) ID as the Azure AD Tenant ID. This will be used later in the installation process.
- The Azure AD Application registration is now complete.
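
To confirm that the registration carries exactly the permissions selected in Steps 6-8 and 12-15, the following added example (not part of the original guide or the vendor's code) compares the `roles` claim of an app-only access token against those lists. It assumes you have already obtained a token for each API with the recorded tenant ID, client ID and client secret; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions selected in Steps 6-8 (Microsoft Graph)
# and Steps 12-15 (WindowsDefenderATP) of this guide.
GRAPH_EXPECTED = {"SecurityAlert.Read.All", "SecurityEvents.Read.All",
                  "SecurityIncident.Read.All", "Directory.Read.All",
                  "ThreatHunting.Read.All"}
DEFENDER_EXPECTED = {"Machine.Read.All", "SecurityRecommendation.Read.All",
                     "Software.Read.All", "Vulnerability.Read.All"}


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token):
    """Return the 'roles' claim of a JWT. Inspection only: no signature check."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    return set(claims.get("roles", []))


def audit_roles(access_token, expected):
    """Compare the token's granted roles with the expected set for one API."""
    granted = token_roles(access_token)
    return {"missing": sorted(expected - granted),      # step skipped or no consent
            "unexpected": sorted(granted - expected)}   # broader than the guide needs


def make_sample_token(roles):
    """Build a constructed, unsigned token for offline demonstration only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    # Constructed sample: one permission missing, one write permission too many.
    sample = make_sample_token(["Machine.Read.All", "Software.Read.All",
                                "Vulnerability.Read.All", "Machine.ReadWrite.All"])
    print(audit_roles(sample, DEFENDER_EXPECTED))
```

A non-empty `missing` list usually means a permission was not added or admin consent (Steps 16-17) was not granted; a non-empty `unexpected` list means the registration holds more access than this integration needs.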