Find the instructions on how to integrate Microsoft (MS) Defender for Endpoint with Autobahn Fit in this article
Linking your MS Defender for Endpoint account lets you import scan results from your Microsoft environment(s) so they can be prioritized and clustered into Cyber Fitness Workouts.
Table of content
- Prerequisites to enable the integration
- Enable or disable integration
- Update integration configuration
- View MS Defender for Endpoint assets
1. Prerequisites to enable the integration
Integrating MS Defender for Endpoint data into Autobahn Fit requires several key elements:
-
Client secret
-
Application
-
Directory
To collect this data, you must first create an app in AzureAD for MS Defender and set the right permissions for this app.
a. Create an app in AzureAD for MS Defender
1 - In AzureAD navigate to App registrations and click the New registration button.
2 - On the registration page:
- Enter a name for your app, for example Autobahn Fit
- Select Single Tenant as the Supported Account Types
- Select Web under Redirect URL (you can leave the Redirect URI section empty)
- Then click the Register button.
b. Grant permission to your newly created app
1 - In the newly created app registration, navigate to the API permissions tab and click the Add a permission button.
2 - The dialog box for requesting API permissions will appear. Go to the APIs my organization uses tab, search for "WindowsDefenderATP," and click on the result.
3 - In the next screen select Application permissions and select the following permissions:
-
Machine.Read.All
-
SecurityRecommendation.Read.All
-
Vulnerability.Read.All
These permissions need to be selected to gather the correct data.
4 - As a final step click the Grand admin consent button to grant access to the required permissions.
c. Create Client secrets
1 - Navigate to the Certificates & Secrets page and open the Client Secrets tab. Click the New Client Secret.
2 - On the Add client secret box, enter a description (for example autobahn_secret) and decide for how long the secret should be valid. Once the secret ID expires, you must create a new one and update the integration in Autobahn Fit.
d. Collect Client and Tenant ID
1 - As a last step, take note of the following information, which you will need to enable the integration in Autobahn:
-
Application (client) ID
-
Directory (tenant) ID
2. Integrate MS Defender for Endpoint with Autobahn Fit
After all prerequisites are gathered, navigate to the Integrations page in Autobahn Fit.
1 - On the Integrations page, in the MS Defender for Endpoint card, click the Configure button.
2 - On the MS Defender Integration for Endpoint page, input the integration label on the Label field.
3 - Input your MS Defender Tenant ID in the Tenant ID field.
4 - Input your MS Defender App ID in the App ID field.
5 - Input your MS Defender App secret in the App Secret field.
6 - Once you have completed the form, click the Save button.
7 - If the credentials are correct, you will be notified if the credentials are correct or incorrect.
Once activated, Autobahn Fit will directly fetch the latest machine and vulnerability data from MS Defender and will continue to fetch this data once a day, unless deactivated.
3. Enable or disable integration
You can enable or disable the integration by:
1 - Navigate to the Integrations page.
2 - Switch off the toggle on the top right of the MS Defender for Endpoint card.
4. Update MS Defender for Endpoint integration configuration
1 - Navigate to the Integrations page.
2 - Click the Edit button on the bottom of the MS Defender for Endpoint card. You will be directed to the MS Defender for Endpoint integration page.
3 - Click the Reset button to remove the previously added credentials and add new credentials.
Before resetting the configuration, ensure to configure MS Defender for Endpoint first.
5. View MS Defender for Endpoint assets
After enabling integration, you can check your MS Defender for Endpoint assets by navigating to the Assets page.
Assets imported from MS Defender for Endpoint will be displayed on the Assets page.
