Microsoft Defender For Endpoint (ATP)

Connection Requirements

1 - Tenant ID and Client ID

Steps to create Tenant ID and Client ID.
  1. 1.
    Log in to the Azure Portal with an administrator account.
  2. 2.
    Select Azure Active Directory.
  3. 3.
    Select App registrations > New registration. Fill in the details and click Register.
  4. 4.
    After you have created the app, you should see its Application ID and Directory ID. Write down these values in a safe place, These values are known as Client ID and Tenant ID.

2 - Client Secret

  1. 1.
    In the left menu, select Certificates & Secrets > New Client Secret. Click Add and copy the secret.
  2. 2.
    In the left menu, select API Permissions > Add a permission. Then select APIs my organization uses and select the WindowsDefenderATP API.
  3. 3.
    Select Application Permissions for required permissions.
  4. 4.
    Add the permission Machine.Read.All.
Click for more information.
Attention
Please perform a connection test to ensure there is a valid connection to the Microsoft ATP host. When the discovery operation finalized you will be able to see the details on Assets page.