Skip to content

Semantic Model Parameters

Semantic Model Parameters

The BI for Defender dataset contains some parameters that must be configured to synchronize data from Defender for Endpoint to Power BI. Other parameters add additional functionality to BI for Defender. This article explains each of the parameters in detail.

Step 1: Open the Defender Workspace

Section titled “Step 1: Open the Defender Workspace”
  1. To view or modify the dataset parameters select Workspaces.
  2. Select the BI for Defender workspace. defender workspace

Step 2: Open the Dataset Settings

Section titled “Step 2: Open the Dataset Settings”
  1. Hover over the bi_for_defender Semantic model to reveal a kebab menu (three vertical dots).
  2. Select the kebab menu.
  3. Select Settings. defender settings

Step 3: Expand the Parameters Section

Section titled “Step 3: Expand the Parameters Section”
  1. Expand Parameters.

Step 4: Configure the ApiKey

Section titled “Step 4: Configure the ApiKey”
      ApiKey
  1. Required configuration: Yes
  2. Default value: Blank
  3. This should be the API Key that you received from us after completing the Request a Trial Key form.

Step 5: Configure AzureAD TenantID

Section titled “Step 5: Configure AzureAD TenantID”
      AzureAD TenantID
  1. Required configuration: Yes
  2. Default value: Blank
  3. This should be your Azure AD tenant ID.
  4. Note: An easy way to get this is to go to https://www.whatismytenantid.com/

Step 6: Configure AzureAD ClientID

Section titled “Step 6: Configure AzureAD ClientID”
      AzureAD ClientID
  1. Required configuration: Yes
  2. Default value: Blank
  3. The Application (client) ID from the Entra App Registration.

Step 7: Configure AzureAD ClientSecret

Section titled “Step 7: Configure AzureAD ClientSecret”
      AzureAD ClientSecret
  1. Required configuration: Yes
  2. Default value: Blank
  3. The Azure AD Client Secret is the most common mistake that customers make when installing BI for Defender.  It is shown as the “Value” when adding the client secret to the Azure AD App Registration. The Client Secret does not have dashes (-) in it. The Client Secret looks similar to this: aBcDE~fGh.I.JKlmnopqRsTuVwXyZ1234567890

Step 8: Configure AzureAD Pace API

Section titled “Step 8: Configure AzureAD Pace API”
      AzureAD Pace API (s)
  1. Required configuration: None
  2. Default value: 0
  3. Determines the amount of time the sync process waits for a response from the Pace API’s and then it loops until a response is received. Do not change this value unless instructed to do so by PowerStacks support.

Step 9: Configure Application Control Days

Section titled “Step 9: Configure Application Control Days”
      AzureAD AdvancedHunting Application Control Day(s)
  1. Required configuration: None
  2. Default value: 3 days
  3. Max value: 30
  4. -1 disables this feature. azuread advancedhunting application control day

Step 10: Configure AdvancedHunting PageSize

Section titled “Step 10: Configure AdvancedHunting PageSize”
      AzureAD AdvancedHunting PageSize API
  1. Required configuration: None
  2. Default value: 10000
  3. Determines the page size for MS Graph queries. Do not change this value unless instructed to do so by PowerStacks support. azuread advancedhunting pagesize api

Step 11: Configure Export URL Enable

Section titled “Step 11: Configure Export URL Enable”
      AzureAD Export URL Enable
  1. Required configuration: Yes, only if the AzureAD Export URL has been populated.
  2. Default value: FALSE
  3. Determines if the URL from the AzureAD Export URL is used or if the URL is found automatically by the app.
  4. Setting this parameter to TRUE will create a new data source credential that must be configured. Authentication method: Anonymous
  5. Privacy Level: Organizational
  6. Select Skip test connection

Step 12: Configure the Export URL

Section titled “Step 12: Configure the Export URL”
      AzureAD Export URL
  1. Required configuration: None
  2. Default value: Blank
  3. The export URL varies from one Azure tenant to another. If this value is not populated our code will find the correct URL that your Intune environment uses to export data, however, to avoid redirection and improve security it is recommended to set this parameter.
  4. Be sure to also set AzureAD Export URL Enable = TRUE when using this parameter.
  5. To learn more please see our Configure Defender Export API documentation.

Step 13: Configure AdvancedHunting Process Days

Section titled “Step 13: Configure AdvancedHunting Process Days”
      AzureAD AdvancedHunting Process Day(s)
  1. Required configuration: None
  2. Default value: 1 days
  3. Max value: 30
  4. -1 disables this feature.
  5. Allows you to configure the number of days of process data to pull from Advanced Hunting. azuread advancedhunting process day

Step 14: Configure AzureAD PageSize API

Section titled “Step 14: Configure AzureAD PageSize API”
      AzureAD PageSize API
  1. Required configuration: None
  2. Default value: 10000
  3. Determines the page size of queries. Do not change this value unless instructed to do so by PowerStacks support.

Step 15: Configure AzureAD Proxy Enable

Section titled “Step 15: Configure AzureAD Proxy Enable”
      AzureAD Proxy Enable
  1. Required configuration: Yes
  2. Default value: True
  3. Should ALWAYS be False unless you are viewing the reports with the demo data. azuread proxy enable

Step 16: Configure AdvancedHunting Days

Section titled “Step 16: Configure AdvancedHunting Days”
      AzureAD AdvancedHunting Day(s)
  1. Required configuration: None
  2. Default value: 30
  3. Allows you to configure the number of days of data to pull from Advanced Hunting. azuread advancedhunting process day

Step 17: Configure Export URL Wait Time

Section titled “Step 17: Configure Export URL Wait Time”
      AzureAD Export URL Wait (s)
  1. Required configuration: None
  2. Default value: 1
  3. Determines the amount of time the sync process waits for each Intune export job to report a status and then loops until a status is received. Do not change this value unless instructed to do so by PowerStacks support.

Step 18: Configure Export URL Timeout

Section titled “Step 18: Configure Export URL Timeout”
      AzureAD Export URL Timeout (s)
  1. Required configuration: None
  2. Default value: 3600
  3. Determines the amount of time the sync process waits for each Intune export job before it times out. Do not change this value unless instructed to do so by PowerStacks support.

Step 19: Configure AzureAD Login URL

Section titled “Step 19: Configure AzureAD Login URL”
      AzureAD Login URL
  1. Required configuration: None
  2. Default value: https://login.microsoftonline.com
  3. This parameter is only used in edge cases where customers have some things in GCC or HCC High and other things in the commercial cloud. azuread login url

Step 20: Configure AzureAD Graph URL

Section titled “Step 20: Configure AzureAD Graph URL”
      AzureAD Graph URL
  1. Required configuration: None
  2. Default value: https:/graph.microsoft.com
  3. This parameter is only used in edge cases where customers have some things in GCC or HCC High and other things in the commercial cloud. azuread graph url

Step 21: Configure SecurityCenter URL

Section titled “Step 21: Configure SecurityCenter URL”
      AzureAD SecurityCenter URL
  1. Required configuration: None
  2. Default value: https://api.securitycenter.microsoft.com
  3. This parameter is only used in edge cases where customers have some things in GCC or HCC High and other things in the commercial cloud.

azuread securitycenter url

Step 22: Configure Vulnerability History Days

Section titled “Step 22: Configure Vulnerability History Days”
      AzureAD Vulnerability History Day(s)
  1. Required configuration: None
  2. Default value: 1
  3. By default, only vulnerability data from the last 1 day are available in the reports. Getting more days of vulnerability data will result in slower synchronizations and possibly cause synchronization timeouts. The max value is 30.
  4. Note, vulnerability data can be completely disabled by setting this value to -1. azuread vulnerability history day

Step 23: Configure Vulnerability History PageSize

Section titled “Step 23: Configure Vulnerability History PageSize”
      AzureAD Vulnerability History PageSize API
  1. Required configuration: None
  2. Default value: 200000
  3. Do not change this value unless instructed to do so by PowerStacks support. azuread vulnerability history pagesize api