Defender for Endpoint

Last updated Jun 30, 2024

Install Guide

Azure Entra App Registration

Log in to the Azure portal, register the Logpresso app, and grant read permission for Defender for Endpoint.

Defender for Endpoint - app registration #1

Defender for Endpoint - app registration #2

Click the API Permissions menu and select the Add a permission button.

Defender for Endpoint - app registration #3

In the new dialog that opens, select WindowsDefenderATP.

Defender for Endpoint - app registration #4

Click Application Permissions and add the Alert.Read.All and Machine.Read.All permissions.

Defender for Endpoint - app registration #5

Finally, click the Grant admin consent button to complete the permission setup.

Defender for Endpoint - app registration #6

Register API Key

Go to the Certificates & Secrets menu, click on the Client Secrets tab, and add a new client secret.

Defender for Endpoint - client secret #1

Copy the newly created client secret and store it in a safe location.

Defender for Endpoint - client secret #2

Lastly, copy and store the Application (Client) ID and Directory (Tenant) ID in a secure location.

Firewall Policy Setup

Ensure the firewall policies allow Defender for Endpoint to connect to the following endpoints:

  • https://login.microsoftonline.com (for OAuth authentication)
  • https://api.securitycenter.microsoft.com (for API communication)

Logpresso Connect Profile Setup

Go to the Connect profiles menu and click the Add button. Select the Microsoft Defender for Endpoint profile type and enter the App ID, Tenant ID, and Client Secret to register the new connection profile.

Defender for Endpoint - Connect Profile

Defender for Endpoint Alert Logger Setup

Select the Defender for Endpoint Alert logger model and enter the connect profile identifier to complete the setup. The default dashboards and datasets refer to the EPP_DEFENDER table.