Prepare Microsoft Defender connector
The Microsoft Defender connector retrieves information about applications, users, and their user activity. In the Microsoft Azure portal, you must configure a Graph API application, add API access, and grant the application permissions. You must also copy the Application (client) ID, Directory (tenant) ID, and Region, create a client secret, and enter these values in Settings when adding the connector.
Prerequisites
To grant the application permissions, you must have Global administrator access.
- If Microsoft Azure > User settings > Users can register applications is Yes, the user account used to create the application does not have to be assigned to a role.
- If Microsoft Azure > User settings > Users can register applications is No, the user account used to create the application must be assigned to one of the following roles:
  - Global administrator
  - Application administrator
  - Cloud application administrator
  - Application developer
Procedure
- Sign in to the Microsoft Azure portal: https://azure.microsoft.com/
- Select App registrations and then select New registration.
- Enter a Name for your application.
- Set Supported account types to Accounts in this organizational directory only.
- Select Register.
  You will be redirected to the Overview page.
- On the Overview page, copy and save the Application (client) ID and the Directory (tenant) ID.
  You will use these values to set up the connector in Snow Atlas.
- Add API permissions to Microsoft Graph for the application you created:
  - Select API permissions and then select Add a permission.
  - In Request API permissions, select Microsoft Graph and then select Application permissions.
  - In the list of permissions, select and add the permission scope for CloudApp-Discovery.Read.All.
  - Select Add permissions.
  - After adding the permissions, select Grant admin consent for [your company name].
- Add API permissions to access the Microsoft Defender for Cloud Apps API with application context:
  - Select API permissions and then select Add a permission.
  - In Request API permissions, select APIs my organization uses.
  - Type and select Microsoft Cloud App Security from the list.
  - Select Application permissions and add the permission scope for investigation.read.
  - Select Add permissions.
  - After adding the permissions, select Grant admin consent for [your company name].
- In Certificates & secrets, create a client secret:
  - Select New client secret.
  - Enter a Description for the key, for your own reference.
  - Set Expires to your desired value.
    Caution: When the client secret expires, the connector will not be able to import data. Regenerate the client secret when it expires and enter the new value in the connector Settings.
  - To display the client secret, select Add.
    Copy and save the value. It is used when adding the connector.
- When adding the connector in Snow Atlas, in Settings, enter the saved values according to the table.
| Setting | Value from Microsoft Azure Portal |
|---|---|
| Client ID | Application (client) ID |
| Client secret | Client secret |
| Region | Region of the tenant in Microsoft Azure |
| Tenant ID | Directory (tenant) ID |
After completing this task, follow the general procedure to Add connectors.
The connector makes API calls to the vendor and retrieves data. For more information, see API calls and Data retrieved by the connector.
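To check a finished registration against the procedure above, this added example (not Snow Atlas or Microsoft code) audits the application object JSON, such as the output of `az ad app show --id <client-id>`, for single-tenant audience, application-only permissions, and a client secret that is close to expiring. The sample object, its placeholder GUIDs, the `audit_app` name and the 30-day warning window are assumptions.

```python
import json
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's well-known appId
# Constructed sample shaped like a Microsoft Graph "application" object.
# Every GUID except GRAPH_APP_ID is a made-up placeholder.
SAMPLE_APP = json.loads("""
{
  "signInAudience": "AzureADMyOrg",
  "requiredResourceAccess": [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]},
    {"resourceAppId": "22222222-2222-2222-2222-222222222222",
     "resourceAccess": [{"id": "33333333-3333-3333-3333-333333333333", "type": "Role"}]}
  ],
  "passwordCredentials": [{"displayName": "connector secret", "endDateTime": "2025-03-10T00:00:00Z"}]
}
""")

def audit_app(app, now, warn_days=30):
    """Return a list of findings; an empty list means the registration matches the procedure."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        findings.append("audience: not limited to this organizational directory")
    resources = app.get("requiredResourceAccess", [])
    if len(resources) > 2:
        findings.append(f"permissions: {len(resources)} APIs requested, procedure adds 2")
    for res in resources:
        grants = res.get("resourceAccess", [])
        api = "Microsoft Graph" if res.get("resourceAppId") == GRAPH_APP_ID else res.get("resourceAppId")
        if len(grants) != 1:
            findings.append(f"permissions: {len(grants)} entries on {api}, procedure adds 1")
        if any(g.get("type") != "Role" for g in grants):  # "Scope" means delegated
            findings.append(f"permissions: delegated scope on {api}, expected application only")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("secret: none configured")
    for cred in secrets:
        # Assumes the UTC timestamps Graph returns; fractional seconds are dropped.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        days_left = (end - now).days
        if days_left < 0:
            findings.append(f"secret: '{cred.get('displayName')}' expired")
        elif days_left <= warn_days:
            findings.append(f"secret: '{cred.get('displayName')}' expires in {days_left} days")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_app(SAMPLE_APP, datetime.now(timezone.utc))))
```

Running the check on a schedule with the real application JSON gives advance warning before the expiry that the caution in the procedure describes.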