Skip to main content

Microsoft Defender For Endpoints Microsoft Defender For Endpoints

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Creating a Microsoft Defender For Endpoints connection

Create the connection by using one of the following methods:

Using OAuth

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the Microsoft Defender For Endpoints icon. A dialog box with name of the connection and connection methods appear.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Click OAuth to authenticate using OAuth.
  5. Sign in using your credentials.
info

Need admin approval? please refer to the Need Admin Approval guide.

Using App Registration

To create the connection you need:

  • A Client ID
  • A Client Secret
  • A Tenant ID

Obtaining the credentials

  1. Log into the Azure Portal.

  2. Go to the Microsoft Entra ID resource.

    Azure Active Directory Resource

  3. In the left-hand menu, click App registrations.

    App Registrations

  4. Create a new application registration or click on one of your existing applications.

    My App

  5. In the left-hand menu, click API permissions.

    API Permissions

  6. Click Add a permission > APIs my organization uses > WindowsDefenderATP.

    Add Permission

  7. Choose Application permissions and mark the permissions you wish to add.

    Application Permissions

To support all of Blink's actions, these are the required application permissions:

Required Permissions
Alert.Read.All
Alert.ReadWrite.All
Machine.LiveResponse
Machine.Read.All
Machine.ReadWrite.All
Machine.Isolate
AdvancedQuery.Read.All

  1. Click Add permissions to save the changes.

  2. Click Grant admin consent for <your tenant> on the API permissions page. Only admins can grant consent.

    Grant Admin Consent

  3. Confirm that the added permissions are now verified.

    Granted Admin Consent

  4. Navigate to Overview and Copy your client ID and tenant ID.

    Client ID &amp; Tenant ID

  5. Create a new client secret.

    Client Secret

  6. Copy the secret value.

    Client Secret

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the Microsoft Defender For Endpoints icon. A dialog box with name of the connection and connection methods appear.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Select App Registration as the method to create the connection.
  5. Fill in the parameters:
    • The Client ID
    • The Client Secret
    • The Tenant ID
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.

Interactive Tutorial Guides

You can also refer to the following tutorial guides for a more in-depth understanding of how to create a Microsoft Defender for Endpoints connection.