Microsoft Defender XDR
Microsoft XDR (Extended Detection and Response), formerly known as 365 Defender, is a comprehensive cybersecurity solution that integrates multiple Microsoft security products for threat detection, investigation, and response across various domains like endpoints, email, and cloud to provide unified protection for an organization's digital environment.
Microsoft Defender XDR alerts are generated by many sources
Solutions that are part of Microsoft Defender XDR:
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- The app governance add-on for Microsoft Defender for Cloud Apps
- Microsoft Entra ID Protection
- Microsoft Data Loss Prevention
Other services that have integrations with the Microsoft Defender security portal:
- Microsoft Sentinel
- Non-Microsoft security solutions that pass their alerts to Microsoft Sentinel
- Microsoft Defender for Cloud
Creating a Microsoft Defender XDR connection
Using App Registration
To create the connection you need:
- A Client ID
- A Client Secret
- A Tenant ID
Creating your connection
- In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
- Select the Microsoft Defender XDR icon. A dialog box with name of the connection and connection methods appear.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Select App Registration as the method to create the connection.
- Fill in the parameters:
- The Client ID
- The Client Secret
- The Tenant ID
- (Optional) Click Test Connection to test it.
- Click Create connection. The new connection appears on the Connections page.