Microsoft Defender API Integration
Before you begin
Ensure you have the necessary permissions to create client secrets in your organization's account.
This process is crucial for integrating with FortifyData's services.
This guide will walk you through the process of setting up the Microsoft Defender Integration for FortifyData in the Azure Portal. This integration allows FortifyData to access the necessary data from your Microsoft Defender account to provide comprehensive security insights and recommendations.
Steps
- Open the Azure Portal at portal.azure.com.
- In the search dialog, type `Entra` and select `Microsoft Entra ID`.
- In the left navigation panel, select `App registrations`.
- In the main window, click the `New registration` button.
- Name the application `Microsoft Defender Integration for FortifyData`.
- Leave all other fields as they are and click the `Register` button at the bottom of the page.
- From the left navigation panel, select `API permissions`.
Adding Permissions
Note
Application and Delegated permissions need to be added separately.
Add permissions from the list below by clicking the Add a permission button, selecting the appropriate API, and then selecting the listed permissions.
| API | Type | Permission |
|---|---|---|
| Microsoft Threat Protection | Application | AdvancedHunting.Read.All |
| Microsoft Threat Protection | Application | Incident.Read.All |
| Microsoft Graph | Application | AttackSimulation.Read.All |
| Microsoft Graph | Application | Device.Read.All |
| Microsoft Graph | Application | DeviceLocalCredential.Read.All |
| Microsoft Graph | Application | DeviceManagementApps.Read.All |
| Microsoft Graph | Application | DeviceManagementConfiguration.Read.All |
| Microsoft Graph | Application | Domain.Read.All |
| Microsoft Graph | Application | MultiTenantOrganization.Read.All |
| Microsoft Graph | Application | MultiTenantOrganization.ReadBasic.All |
| Microsoft Graph | Application | NetworkAccess.Read.All |
| Microsoft Graph | Application | NetworkAccessBranch.Read.All |
| Microsoft Graph | Application | NetworkAccess-Reports.Read.All |
| Microsoft Graph | Application | Organization.Read.All |
| Microsoft Graph | Application | OrganizationalBranding.Read.All |
| Microsoft Graph | Application | OrgContact.Read.All |
| Microsoft Graph | Application | OrgSettings-AppsAndServices.Read.All |
| Microsoft Graph | Application | Policy.Read.All |
| Microsoft Graph | Application | SecurityActions.Read.All |
| Microsoft Graph | Application | SecurityAlert.Read.All |
| Microsoft Graph | Application | SecurityAnalyzedMessage.Read.All |
| Microsoft Graph | Application | SecurityEvents.Read.All |
| Microsoft Graph | Application | SecurityIdentitiesHealth.Read.All |
| Microsoft Graph | Application | SecurityIncident.Read.All |
| Microsoft Graph | Application | Sites.Read.All |
| Microsoft Graph | Application | ThreatAssessment.Read.All |
| Microsoft Graph | Application | ThreatHunting.Read.All |
| Microsoft Graph | Application | ThreatIndicators.Read.All |
| Microsoft Graph | Application | ThreatIntelligence.Read.All |
| Microsoft Graph | Application | ThreatSubmissionPolicy.ReadWrite.All |
| Microsoft Graph | Application | ThreatSubmission.Read.All |
| Microsoft Graph | Application | User.Read.All |
| Microsoft Graph | Application | User.ReadBasic.All |
| WindowsDefenderATP | Application | AdvancedQuery.Read.All |
| WindowsDefenderATP | Application | Alert.Read.All |
| WindowsDefenderATP | Application | File.Read.All |
| WindowsDefenderATP | Application | Ip.Read.All |
| WindowsDefenderATP | Application | Machine.CollectForensics |
| WindowsDefenderATP | Application | Machine.Read.All |
| WindowsDefenderATP | Application | RemediationTasks.Read.All |
| WindowsDefenderATP | Application | Score.Read.All |
| WindowsDefenderATP | Application | SecurityBaselinesAssessment.Read.All |
| WindowsDefenderATP | Application | SecurityConfiguration.Read.All |
| WindowsDefenderATP | Application | SecurityRecommendation.Read.All |
| WindowsDefenderATP | Application | Software.Read.All |
| WindowsDefenderATP | Application | Ti.Read.All |
| WindowsDefenderATP | Application | Url.Read.All |
| WindowsDefenderATP | Application | User.Read.All |
| WindowsDefenderATP | Application | Vulnerability.Read.All |
| Microsoft Graph | Delegated | SecurityActions.Read.All |
| Microsoft Graph | Delegated | SecurityAlert.Read.All |
| Microsoft Graph | Delegated | SecurityEvents.Read.All |
| Microsoft Graph | Delegated | SecurityIdentitiesHealth.Read.All |
| Microsoft Graph | Delegated | SecurityIncident.Read.All |
| Microsoft Graph | Delegated | ThreatHunting.Read.All |
| Microsoft Graph | Delegated | ThreatIndicators.Read.All |
| Microsoft Graph | Delegated | ThreatIntelligence.Read.All |
| Microsoft Graph | Delegated | ThreatSubmission.Read |
| Microsoft Graph | Delegated | ThreatSubmission.Read.All |
| Microsoft Graph | Delegated | Topic.Read.All |
| Microsoft Graph | Delegated | User.Read |
Granting Admin Consent
After adding all the permissions, click the button Grant admin consent for [ORG NAME] and confirm it by clicking Yes.
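Once consent is granted, a client-credentials access token issued for an API carries the app's application permissions in its `roles` claim, which gives a quick way to confirm the registration matches the table. The following is an added example, not FortifyData's or Microsoft's code: it audits a token against the WindowsDefenderATP rows above, using a constructed unsigned token; `audit_roles`, `is_read_only` and the permission `Constructed.ReadWrite.All` are hypothetical names.

```python
import base64
import json

# Application permissions the table above lists for the WindowsDefenderATP API.
EXPECTED_WDATP = set("""
    AdvancedQuery.Read.All Alert.Read.All File.Read.All Ip.Read.All
    Machine.CollectForensics Machine.Read.All RemediationTasks.Read.All
    Score.Read.All SecurityBaselinesAssessment.Read.All
    SecurityConfiguration.Read.All SecurityRecommendation.Read.All
    Software.Read.All Ti.Read.All Url.Read.All User.Read.All
    Vulnerability.Read.All
""".split())


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_read_only(permission):
    """Naming heuristic (assumption): a 'Read' or 'ReadBasic' segment means read-only."""
    return any(seg in ("Read", "ReadBasic") for seg in permission.split("."))


def audit_roles(token, expected):
    """Compare the token's granted application permissions with the expected set."""
    roles = set(jwt_claims(token).get("roles", []))
    return {
        "missing": sorted(expected - roles),      # not added, or consent not granted
        "unexpected": sorted(roles - expected),   # granted beyond the documented list
        "not_read_only": sorted(r for r in roles if not is_read_only(r)),
    }


def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (used for the sample only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token (unsigned, not a real credential): two documented
# permissions are absent and one made-up permission is present.
_granted = (EXPECTED_WDATP - {"Score.Read.All", "Vulnerability.Read.All"}) | {"Constructed.ReadWrite.All"}
SAMPLE_TOKEN = ".".join([b64url({"alg": "none"}), b64url({"roles": sorted(_granted)}), "sig"])

if __name__ == "__main__":
    print(json.dumps(audit_roles(SAMPLE_TOKEN, EXPECTED_WDATP), indent=2))
```

The `not_read_only` list is worth reviewing even when nothing is missing or unexpected, since it surfaces documented entries such as `Machine.CollectForensics` whose names do not indicate read access.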
Creating a Client Secret
- Navigate to Certificates & Secrets: In the left navigation panel, find and click on `Certificates & secrets`.
- Add a New Client Secret: Click the `New client secret` button.
- Describe Your Secret: Enter `FortifyDataAPISecret` in the Description field. This name helps identify the purpose of the secret.
- Set Expiration: Choose `730 days (24 months)` from the Expires dropdown to determine how long the secret is valid.
- Save Your Secret: Click `Add` at the bottom to create the secret.
Important Note
Handle Your Client Secret with Care
After creating the secret, immediately copy the Value and Secret ID.
Use the copy icon beside each to copy them securely. It's crucial to handle these details carefully. Both values will be needed to complete the configuration in the FortifyData platform.