Integrate MS Defender for Endpoint with Autobahn Fit

This user manual explains how to integrate MS Defender for Endpoint with Autobahn Fit.

Table of contents

Why integrate MS Defender for Endpoint with Autobahn Fit

Prerequisites to enable the integration

Enable or disable your integration

Update your MS Defender for Endpoint integration configuration

View your MS Defender for Endpoint asset

Why integrate MS Defender for Endpoint with Autobahn Fit

Linking your MS Defender for Endpoint account lets you import scan results from your Microsoft Cloud environment and get them prioritized and clustered into Autobahn Fit's Cyber Fitness Workouts.

Prerequisites to enable the integration

Integrating MS Defender for Endpoint data into Autobahn requires the following key elements:

  • Client secret

  • Application (client) ID

  • Directory (tenant) ID

To collect all this data, you must first create an app in Azure AD for MS Defender and set the permissions for the app.

Create an app in Azure AD for MS Defender

1 - In Azure AD, navigate to App registrations and click the New registration button.

2 - On the registration page:

  • Enter a name for your app
  • Select Single Tenant as the Supported Account Types
  • Select Web under Redirect URI (you can leave the Redirect URI section empty)
  • Then click the Register button.

Grant permission to your newly created app

1 - In the newly created app registration, navigate to the API permissions tab and click the Add a permission button.

2 - The dialog box for requesting API permissions will appear. Go to the APIs my organization uses tab, search for "WindowsDefenderATP," and click on the result.

3 - In the next screen select Application permissions and select the following permissions:

  • Machine.Read.All

  • SecurityRecommendation.Read.All

  • Vulnerability.Read.All 

These permissions needs to be selected to 

4 - As a final step, click the Grant admin consent button to grant access to the required permissions.

Create the Client secrets

1 - Navigate to the Certificates & Secrets page and open the Client Secrets tab. Click the New Client Secret button.

2 - In the Add client secret box, enter a description and decide how long the secret should be valid. Once the secret expires, you must create a new one and update the integration in Autobahn Fit.

Collect Client and Tenant ID

1 - As a last step, take note of the following information, which you will need to enable the integration in Autobahn:

  • Application (client) ID

  • Directory (tenant) ID 
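
Before entering these values in Autobahn Fit, you can confirm that admin consent took effect and that the app holds only the three permissions listed above by inspecting the `roles` claim of a token issued to it. The Python below is an added example, not part of Autobahn Fit or Microsoft tooling; the function names are hypothetical, the token is decoded without signature verification (inspection only), and the sample token is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# The three application permissions this guide tells you to grant.
REQUIRED = {"Machine.Read.All", "SecurityRecommendation.Read.All", "Vulnerability.Read.All"}

def fetch_token(tenant_id, app_id, app_secret):
    """Client-credentials request for a Defender for Endpoint API token (needs network)."""
    body = urllib.parse.urlencode({
        "resource": "https://api.securitycenter.microsoft.com",
        "client_id": app_id,
        "client_secret": app_secret,
        "grant_type": "client_credentials",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_roles(access_token):
    """Read the 'roles' claim from the JWT payload. Inspection only: no signature check."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    # A token issued before admin consent carries no 'roles' claim at all.
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def audit_permissions(access_token):
    """Return (missing, excess) relative to the permissions the integration needs."""
    roles = token_roles(access_token)
    return sorted(REQUIRED - roles), sorted(roles - REQUIRED)

def make_sample_token(roles):
    """Constructed, unsigned sample token so the check can be exercised offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    # Constructed case: one required permission is missing and one extra was granted.
    sample = make_sample_token(["Machine.Read.All", "Vulnerability.Read.All", "Machine.Isolate"])
    missing, excess = audit_permissions(sample)
    print("missing:", missing)
    print("excess (remove for least privilege):", excess)
```

To check a real app registration, pass the result of `fetch_token(tenant_id, app_id, app_secret)` to `audit_permissions`; both lists should come back empty.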

Integrate your MS Defender for Endpoint with Autobahn Fit

After the credentials are collected, navigate to the Integrations page on Autobahn Fit.

1 - On the Integrations page, in the MS Defender for Endpoint card, click the Configure button.

2 - On the MS Defender for Endpoint integration page, enter the integration label in the Label field.

3 - Input your MS Defender Tenant ID in the Tenant ID field.

4 - Input your MS Defender App ID in the App ID field.

5 - Input your MS Defender App secret in the App Secret field.

6 - Once you have completed the form, click the Save button.

7 - You will be notified whether the credentials are correct or incorrect.

Once activated, Autobahn Fit will directly fetch the latest machine and vulnerability data from MS Defender and will continue to fetch this data once a day, unless deactivated.

Enable or disable your integration

After you integrate your MS Defender for Endpoint account, you can enable or disable the integration as follows:

1 - Navigate to the Integrations page.

2 - Switch the toggle on the top right of the MS Defender for Endpoint card on or off.

Update your MS Defender for Endpoint integration configuration

1 - Navigate to the Integrations page.

2 - Click the Edit button on the bottom of the MS Defender for Endpoint card. You will be directed to the MS Defender for Endpoint integration page.

3 - Click the Reset button to remove the previously added credentials and add new credentials.

Before resetting the configuration, make sure you have configured MS Defender for Endpoint first.

View your MS Defender for Endpoint asset

After enabling integration, you can scan your MS Defender for Endpoint assets by navigating to the Assets page.

Assets imported from MS Defender for Endpoint will be displayed on the Assets page.