Microsoft Defender Data Connector Installation
This connector allows you to continuously import Microsoft Defender scan and asset data into your Secureworks® Taegis™ VDR application in order to leverage VDR contextual prioritization.
Navigate to the Connectors Interface
To start the installation, follow these steps:
- Access the System menu by selecting the Account circle in the upper right, and then choose Settings.
- Select Connectors from the System Settings box.
- Select Add Connector at the top right to add a new connector.
- Select External Scanner: MS Defender from the Connector dropdown, and then choose Create New API Client from the API Client dropdown.
- Select Submit to open the installation wizard in a new window.
Note
Your browser might ask you to allow pop-ups from the originating window.
- From the wizard, follow the steps to complete the installation.
Local API Access
The VDR API Access step requires you to enter your instance app URL and a Public API Client ID and Client Secret if not already populated for you. Follow this guide in order to create one.
- You will be asked to log in to VDR to authorize your Public API client to make requests on your behalf during the installation process.
- Make sure to select Full Access from the Authorization level dropdown. Submitting the form redirects you back to the installation wizard where you can proceed with the next step.
Note
The authorization duration can be very short since this is only used for installation purposes.
Microsoft Defender API Access
The Microsoft Defender API Access step requires you to fill in the tenant ID and credentials given by MS Defender.
This step requests and stores the access token that allows the connector to retrieve the data. The access token is stored through VDR Credentials and is visible in the Settings/Credentials view.
How to Create API Key and Set API Permissions in Microsoft Defender
Log in to Microsoft Defender.
Register a New App in MS Defender for Client and Tenant IDs
- Search for App registrations.
- Select New Registration.
- Name: "VDR Integration"
- Supported accounts (Account in this organization directory only)
- Select Register and collect the Application (client) ID and Directory (tenant) ID to enter in the MS Defender Data Connector Wizard.
Create New Client Secret
- Select Certificates & secrets on the left-hand side.
- Select New client secret.
- Description: "VDR Integration"
- Expires: Select the longest available period that aligns with your own internal policies.
- Copy Value to enter in the Client Secret field within the MS Defender Data Connector Wizard.
Set API Permissions
- Select Manage on the left-hand side.
- Select API permissions.
- Select Add a permission.
- Select APIs my organization uses and scroll down to select WindowsDefenderATP.
- You may need to select Load More to see it on the list.
- Select Application permissions and select the following:
- [ ] Machine (Machine.Read.All)
- [ ] Software (Software.Read.All)
- [ ] Vulnerability (Vulnerability.Read.All)
- Select Add permissions.
- Select Grant admin consent.
- Navigate to the MS Defender Data Connector Wizard and select Connect.
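To confirm that the permissions and admin consent above took effect, you can decode an access token issued to the app registration and compare its roles claim with the three permissions listed. The Python below is an added example, not part of the Secureworks or Microsoft documentation; it assumes you have already requested a token with the app's client credentials, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# The three application permissions this page tells you to grant.
REQUIRED_ROLES = {"Machine.Read.All", "Software.Read.All", "Vulnerability.Read.All"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def audit_token_roles(access_token: str, required=REQUIRED_ROLES) -> dict:
    """Compare the token's 'roles' claim with the required permissions.

    The signature is NOT verified: this is a configuration check on a token
    you requested yourself, not an authentication decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    # Without admin consent the token carries no 'roles' claim at all.
    granted = set(claims.get("roles", []))
    return {
        "ok": set(required) <= granted,
        "missing": sorted(set(required) - granted),  # not added or not consented
        "extra": sorted(granted - set(required)),    # more than the connector needs
    }


def make_sample_token(roles) -> str:
    """Build an unsigned, constructed token for the demo (not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    complete = make_sample_token(sorted(REQUIRED_ROLES))
    partial = make_sample_token(["Machine.Read.All", "Machine.ReadWrite.All"])
    print("complete:", audit_token_roles(complete))
    print("partial: ", audit_token_roles(partial))
```

A non-empty "extra" list means the app registration holds more permissions than this connector requires, which is worth reviewing before you store the secret.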
Configuration
The Configuration step requires you to select a team for the assets. If the teams list is empty, refresh the page and start again. Enter an IP Range, a Tag, and a Frequency to retrieve the MS Defender data. The Tag is important because it links the synchronized data to its source.
Note
You should remember the Tag that you create since you will likely have to re-use it to configure third-party scanner ranges or assets with this special tag.
After submitting the form, we will create all of these for you.
If everything was created properly, the Confirmation step displays a success message.
You can close this tab and you will be brought back to the Integration Connectors panel to see your new connector.
Important
It is important to save the Tenant ID/Client ID/Client Secret in a password manager on your end.
Confirmation
Note
Now is a good time to configure a third-party scanner range in VDR to start fetching assets and their vulnerabilities through this connector.