The following steps integrate Microsoft Defender for Endpoint by using an Enterprise Application / App Registration that holds the API permission listed below. Setup is currently limited to a service principal (SPN) that authenticates with a client secret, so you will need its client ID, client secret, tenant ID, and tenant domain.

Required Permissions

API                     Permission Name    Type         Description                Admin Consent Required
Microsoft Defender ATP  Machine.Read.All   Application  Read all machine profiles  Yes

Machine.Read.All is the only permission the integration needs; do not add broader Defender permissions to this app registration. Because it is an application permission, an administrator must grant consent before tokens issued to the app carry the role.

Setting Up Microsoft Defender for Endpoint Device Integration

In Tier Zero Code, go to “Integrations”, click the Microsoft Defender for Endpoint device integration, then enable and configure it. The Microsoft Defender for Endpoint configuration requires the following fields:
Client ID (string, required)
  The application (client) ID from the “Overview” section of your app registration.

Client Secret (string, required)
  The client secret value from the “Certificates and secrets” section of your app registration. Copy the value when you create the secret; it is shown only once. The secret has an expiry date, so plan to rotate it and update the integration before then.

Tenant ID (string, required)
  The directory (tenant) ID from the “Overview” section of your app registration.

Tenant Domain (string, required)
  The primary domain from the “Home” page of your Microsoft Entra admin center.
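The steps above can be scripted end to end. The script below is an added example and not part of the Tier Zero Code documentation or product: it creates the app registration, grants Machine.Read.All on the Defender for Endpoint API, mints a client secret, and then verifies the credentials actually work (token carries the role, a call to /api/machines succeeds) before you paste the four values into the integration. It assumes the Azure CLI (az) is logged in as a user who can create app registrations and grant admin consent, that jq and curl are installed, that the Defender API's service principal in your tenant has the display name "WindowsDefenderATP" (how the "Microsoft Defender ATP" API appears to the CLI), and that the primary domain can be read via Microsoft Graph; the display name tier-zero-code-mde is a placeholder.

```shell
#!/usr/bin/env sh
# Added example (not from the Tier Zero Code docs). Provisions an Entra app registration
# with Machine.Read.All on the Defender for Endpoint API and checks the credentials work.

# Decode the payload (second dot-separated segment) of a JWT: base64url -> base64, restore
# the '=' padding JWTs strip, then decode. No signature check here; this only inspects a
# token we just received over TLS from the issuer, it is not a trust decision.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Succeed when the token's "roles" claim (application permissions) contains the given value.
jwt_has_role() {
  jwt_payload "$1" | sed -n 's/.*"roles":\[\([^]]*\)\].*/\1/p' | grep -qF "\"$2\""
}

# Print a simple string claim (e.g. aud, tid) from the token payload.
jwt_claim() {
  jwt_payload "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# Client-credentials grant against the tenant's v2.0 token endpoint. The .default scope of
# the Defender for Endpoint API returns the app's consented application permissions as roles.
get_token() {
  curl -sS -X POST "https://login.microsoftonline.com/$1/oauth2/v2.0/token" \
    --data-urlencode "client_id=$2" \
    --data-urlencode "client_secret=$3" \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "scope=https://api.securitycenter.microsoft.com/.default" \
    | jq -r '.access_token'
}

provision() {
  set -eu
  app_name=${APP_NAME:-tier-zero-code-mde}   # placeholder display name for the registration

  # Resolve the Defender API's service principal (assumed display name "WindowsDefenderATP")
  # and read the Machine.Read.All app-role ID from it rather than hardcoding GUIDs.
  api_sp=$(az ad sp list --filter "displayName eq 'WindowsDefenderATP'" --query '[0]' -o json)
  api_app_id=$(printf '%s' "$api_sp" | jq -r '.appId')
  role_id=$(printf '%s' "$api_sp" | jq -r '.appRoles[] | select(.value=="Machine.Read.All") | .id')

  app_id=$(az ad app create --display-name "$app_name" --query appId -o tsv)
  az ad sp create --id "$app_id" >/dev/null
  # "=Role" requests an application permission (a delegated one would be "=Scope").
  az ad app permission add --id "$app_id" --api "$api_app_id" --api-permissions "${role_id}=Role"
  az ad app permission admin-consent --id "$app_id"

  # The secret value is only shown at creation time and it expires: rotate before then.
  secret=$(az ad app credential reset --id "$app_id" --years 1 --query password -o tsv)
  tenant_id=$(az account show --query tenantId -o tsv)
  # Primary (default) verified domain of the tenant, read via Microsoft Graph (assumed reachable).
  tenant_domain=$(az rest --method get --url 'https://graph.microsoft.com/v1.0/domains' \
    --query 'value[?isDefault].id | [0]' -o tsv)

  # Verify before handing the values to the integration. Consent can take a minute to
  # propagate; a token without the role means "wait and retry", not "misconfigured".
  token=$(get_token "$tenant_id" "$app_id" "$secret")
  if ! jwt_has_role "$token" Machine.Read.All; then
    echo "token lacks Machine.Read.All: admin consent not yet effective" >&2
    exit 1
  fi
  curl -sSf -H "Authorization: Bearer $token" \
    'https://api.securitycenter.microsoft.com/api/machines?$top=1' >/dev/null

  # The four fields the Tier Zero Code integration asks for. Treat the secret like a password.
  printf 'Client ID: %s\nTenant ID: %s\nTenant Domain: %s\nClient Secret: %s\n' \
    "$app_id" "$tenant_id" "$tenant_domain" "$secret"
}

if [ "${1:-}" = "provision" ]; then provision; fi
```

Run it as `sh provision-mde.sh provision`. The token check is the part worth keeping even if you create the registration in the portal: a client-credentials token whose roles claim lacks Machine.Read.All means consent was not granted (or has not propagated yet), which is the usual reason the integration fails with a 403 after all four fields were entered correctly.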