# Microsoft Defender

## Connection Requirements

{% stepper %}
{% step %}

### Tenant ID and Client ID

Steps to create Tenant ID and Client ID.

* Log in to the Azure Portal with an administrator account.
* Select Azure Active Directory.
* Select App registrations > New registration. Fill in the details and click Register.
* After you have created the app, you should see its Application ID and Directory ID. Write down these values in a safe place. These values are known as Client ID and Tenant ID.
  {% endstep %}

{% step %}

### Client Secret

* In the left menu, select Certificates & Secrets > New Client Secret. Click Add and copy the secret.
* In the left menu, select API Permissions > Add a permission. Then select APIs my organization uses and select the WindowsDefenderATP API.
* Select Application Permissions for required permissions.
* Add the permission Machine.Read.All, Software.Read.All.
  {% endstep %}

{% step %}

### Timeout

Amount of time that will be waited for API response. (default: 60)
{% endstep %}

{% step %}

### Fetch Vulnerabilities

Fetch vulnerability information. (optional, default: True). Scope: Vulnerability.Read.All
{% endstep %}

{% step %}

### Fetch Missing Kbs

Fetch missing kbs information. (optional, default: True). Scope: Software.Read.All
{% endstep %}

{% step %}

### Fetch Installed Softwares

Fetch installed software information. (optional, default: True)
{% endstep %}

{% step %}

### Fetch Logged On Users

Fetch logged on users information. (optional, default: False). Scope: User.Read.All
{% endstep %}

{% step %}

### Fetch Security Recommendations

Fetch list of security recommendations affecting the machines.
{% endstep %}

{% step %}

### SSL

Use SSL for connection. (optional, default: Encrypted).

{% hint style="info" %}
🔵 Note\
Click for more information.
{% endhint %}
{% endstep %}
{% endstepper %}

{% hint style="warning" %}
⚠️ Attention\
Please perform a **connection test** to ensure there is a valid connection to the host.\
When the discovery operation is finalized, you will be able to see the details on the **Assets** page.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.octoxlabs.com/adapters/adapters/microsoft-defender.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.