Skip to content

Create Entra App Registration

Create Entra App Registration

Synchronizing data from Microsoft Defender for Endpoint is done using application permissions. Here we are configuring the permissions required for Power BI to connect to the Microsoft API’s to retrieve the data.

Prerequisites: The user performing this step requires Global Admin and Subscription Admin rights.

Step 1: Create a New App Registration

Section titled “Step 1: Create a New App Registration”
  1. Log in to portal.azure.com using a global administrator account.
  2. Search for and select App registrations.
  3. Select New registration.

Step 2: Register the Application

Section titled “Step 2: Register the Application”
  1. Enter a Name for the application. (This will not be seen by anyone other than admins.)
  2. Specify who can use the application as Accounts in this organizational directory only.
  3. Select Register. register defender app

Step 3: Open API Permissions

Section titled “Step 3: Open API Permissions”
  1. On the Enterprise App page select API Permissions.
  2. Remove the User.Read permission.
  3. Select Add a permission. defender remove default permmissions

Step 4: Select Microsoft Graph

Section titled “Step 4: Select Microsoft Graph”
  1. Select Microsoft Graph.

Step 5: Choose Application Permissions

Section titled “Step 5: Choose Application Permissions”
  1. Select Application permissions.

Step 6: Add Security Permissions

Section titled “Step 6: Add Security Permissions”
  1. Search for Security.
  2. Select the following permissions:
    • SecurityAlert.Read.All
    • SecurityEvents.Read.All
    • SecurityIncident.Read.All
  3. Do not select the Add permissions button, continue to the next step. defender security read permissionspng

Step 7: Add Directory Permissions

Section titled “Step 7: Add Directory Permissions”
  1. Search for Directory.
  2. Select the following permissions:
    • Directory.Read.All
  3. Do not select the Add permissions button, continue to the next step. directory read

Step 8: Add CloudApp-Discovery Permissions

Section titled “Step 8: Add CloudApp-Discovery Permissions”
  1. Search for CloudApp-Discovery.
  2. Select the following permissions:
    • CloudApp-Discovery.Read.All
  3. Do not select the Add permissions button, continue to the next step.

Step 9: Add Additional Directory Permissions

Section titled “Step 9: Add Additional Directory Permissions”
  1. Search for Directory.
  2. Select the following permissions:
    • Directory.Read.All
  3. Do not select the Add permissions button, continue to the next step. directory read

Step 10: Add ThreatHunting Permissions

Section titled “Step 10: Add ThreatHunting Permissions”
  1. Search for ThreatHunting.
  2. Select ThreatHunting.Read.All.
  3. Select the Add permissions button. threat hunting readall

Step 11: Add Another Permission Set

Section titled “Step 11: Add Another Permission Set”
  1. On the Enterprise App page select API Permissions.
  2. Select Add a permission. defender add more permissions

Step 12: Select WindowsDefenderATP API

Section titled “Step 12: Select WindowsDefenderATP API”
  1. Select APIs my organization uses.
  2. Search for WindowsDefenderATP.
  3. Select WindowsDefenderATP in the search results. windows defender atp api

Step 13: Choose Application Permissions

Section titled “Step 13: Choose Application Permissions”
  1. Select Application permissions. windows defender atp app permissions

Step 14: Add Machine Permissions

Section titled “Step 14: Add Machine Permissions”
  1. Search for Machine.
  2. Select the following permissions:
    • Machine.Read.All
  3. Do not select the Add permissions button, continue to the next step. defender machine readall

Step 15: Add SecurityRecommendation Permissions

Section titled “Step 15: Add SecurityRecommendation Permissions”
  1. Search for SecurityRecommendation.
  2. Select the following permissions:
    • SecurityRecommendation.Read.All
  3. Do not select the Add permissions button, continue to the next step. defender security read all

Step 16: Add Software Permissions

Section titled “Step 16: Add Software Permissions”
  1. Search for Software.
  2. Select the following permissions:
    • Software.Read.All
  3. Do not select the Add permissions button, continue to the next step. defender software read all

Step 17: Add Vulnerability Permissions

Section titled “Step 17: Add Vulnerability Permissions”
  1. Search for Vulnerability.
  2. Select the following permissions:
    • Vulnerability.Read.All
  3. Select the Add permissions button. defender vulnerability read all
Section titled “Step 18: Grant Admin Consent”
  1. Select **Grant admin consent for **. grant defender permissions
Section titled “Step 19: Confirm Admin Consent”
  1. Select Yes at the prompt.

Step 20: Create a Client Secret

Section titled “Step 20: Create a Client Secret”
  1. Select Certificates & secrets.
  2. Select New client secret.
  3. Enter a Description.
  4. Select a value for Expires.
  5. Select Add. defender new secret

Step 21: Record the Client Secret Value

Section titled “Step 21: Record the Client Secret Value”

  1. Record the Value data as the Azure AD Client Secret. This will be used later in the installation process. The value can only be displayed once, if you fail to record it here you will have to create a new one.

defender secret value

Step 22: Record the App and Tenant IDs

Section titled “Step 22: Record the App and Tenant IDs”
  1. Select Overview.
  2. Record the Application (client) ID as the Azure AD Client ID. This will be used later in the installation process.
  3. Record the Directory (tenant) ID as the Azure AD Tenant ID. This will be used later in the installation process.
  4. The Azure AD Application registration is now complete. defender app overview