-
Installation Guides
-
Admin Guides
-
User Guides
- Articles coming soon
-
References
Print
Create Azure App Registration
Copy the URL link to this section to share
Synchronizing data from Microsoft Defender for Endpoint is done using application permissions. Here we are configuring the permissions required for Power BI to connect to the Microsoft API’s to retrieve the data.
Prerequisites: The user performing this step requires Global Admin and Subscription Admin rights.
Step
Step 1
- Login to portal.azure.com using a global administrator account.
- Search for and select App registrations.
- Select New registration.
Step
Step 2
- Enter a Name for the application. (This will not be seen by anyone other than admins.)
- Specify who can use the application as Accounts in this organizational directory only.
- Select Register.
Step
Step 3
- On the Enterprise App page select API Permissions.
- Remove the User.Read permission.
- Select Add a permission.
Step
Step 4
- Select Microsoft Graph.
Step
Step 5
- Select Application permissions.
Step
Step 6
- Search for Security.
- Select the following permissions:
- SecurityAlert.Read.All
- SecurityEvents.Read.All
- SecurityIncident.Read.All
- Do not select the Add permissions button, continue to the next step.
Step
Step 7
- Search for Directory.
- Select the following permissions:
- Directory.Read.All
- Do not select the Add permissions button, continue to the next step.
Step
Step 8
- Search for ThreatHunting.
- Select ThreatHunting.Read.All.
- Select the Add permissions button.
Step
Step 9
- On the Enterprise App page select API Permissions.
- Select Add a permission.
Step
Step 10
- Select APIs my organization uses.
- Search for WindowsDefenderATP.
- Select WindowsDefenderATP in the search results.
Step
Step 11
- Select Application permissions.
Step
Step 12
- Search for Machine.
- Select the following permissions:
- Machine.Read.All
- Do not select the Add permissions button, continue to the next step.
Step
Step 13
- Search for SecurityRecommendation.
- Select the following permissions:
- SecurityRecommendation.Read.All
- Do not select the Add permissions button, continue to the next step.
Step
Step 14
- Search for Software.
- Select the following permissions:
- Software.Read.All
- Do not select the Add permissions button, continue to the next step.
Step
Step 15
- Search for Vulnerability.
- Select the following permissions:
- Vulnerability.Read.All
- Select the Add permissions button.
Step
Step 16
- Select Grant admin consent for <your company name>.
Step
Step 17
- Select Yes at the prompt.
Step
Step 18
- Select Certificates & secrets.
- Select New client secret.
- Enter a Description.
- Select a value for Expires.
- Select Add.
Step
Step 19
- Record the Value data as the Azure AD Client Secret. This will be used later in the installation process. The value can only be displayed once, if you fail to record it here you will have to create a new one.
- NOTE: This is the most common mistake made. You do not need the "Secret ID" You just need the "Value".
Step
Step 20
- Select Overview.
- Record the Application (client) ID as the Azure AD Client ID. This will be used later in the installation process.
- Record the Directory (tenant) ID as the Azure AD Tenant ID. This will be used later in the installation process.
- The Azure AD Application registration is now complete.