Register and configure the Microsoft Defender for Endpoint in the Microsoft Azure portal
- UpdatedJan 30, 2025
- 1 minute read
- Yokohama
- Security Incident Response integrations
Register the Microsoft Defender for Endpoint application in the Microsoft Azure portal and grant the read and write access to the application.
Before you begin
Role required: Application developer, Tenant administrator.
Procedure
- Log in to the Microsoft Azure portal.
- Enter App registrations in the Search box, and click New registration.
- Enter a name for your application and the redirect URI, and click Register.
  An example name is Microsoft Defender for Endpoint. The Redirect URI is used while providing admin consent for the application.
- In the App registrations page, select the application that you registered in Step 3.
- Under Manage, select Certificates & secrets.
- To create a client secret, select New client secret.
- Copy the client secret and save it.
  If you lose the client secret, you can generate a new one.
- Navigate to Manage > API Permissions.
- Click Add a permission.
- In the Request API permissions window, click the APIs my organization uses tab.
- Search for and select WindowsDefenderATP.
- In the WindowsDefenderATP permissions, select Application permissions.
  Enabling this permission ensures that the application runs as a background service or daemon without a signed-in user.
- Add the following application-level permissions and grant admin consent for the newly added API permissions.

  | Permission | Permission Display Name |
  | --- | --- |
  | Machine.Read.All | Read all machine profiles |
  | User.Read.All | Read user profiles |
  | Machine.Isolate | Isolate machine |
  | Machine.RestrictExecution | Restrict code execution |
  | Machine.Scan | Scan machine |
  | Machine.StopAndQuarantine | Stop and Quarantine |
  | URL.Read.All | Read URLs |
  | File.Read.All | Read file profiles |
  | Ip.Read.All | Read IP address profiles |
  | Ti.ReadWrite.All | Read and write Indicators |
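After admin consent is granted, the app registration's client credentials yield access tokens whose `roles` claim lists the granted application permissions. The following added example (not part of this page or of the ServiceNow integration) audits such a token offline: it decodes the payload and reports which of the permissions in the table above are missing (the integration will fail) and which extra permissions were granted (more privilege than the integration needs). The token and its claims are constructed sample data; the `aud` value and the extra role name are assumptions used only to make the sample realistic.

```python
import base64
import json

# Application permissions the procedure above grants to the app registration
# (taken from the permissions table on this page).
REQUIRED_ROLES = {
    "Machine.Read.All",
    "User.Read.All",
    "Machine.Isolate",
    "Machine.RestrictExecution",
    "Machine.Scan",
    "Machine.StopAndQuarantine",
    "URL.Read.All",
    "File.Read.All",
    "Ip.Read.All",
    "Ti.ReadWrite.All",
}


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWT without verifying its signature.

    The signature is deliberately not checked: this helper only inspects which
    app roles a token carries so the registration can be audited. Never use an
    unverified payload to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_roles(claims: dict, required=frozenset(REQUIRED_ROLES)) -> dict:
    """Compare the token's application permissions against the required set.

    Client-credentials tokens carry granted application permissions in the
    `roles` claim. `missing` breaks the integration; `extra` is privilege the
    integration does not need and should be removed from the registration.
    """
    granted = set(claims.get("roles", []))
    return {
        "missing": sorted(required - granted),
        "extra": sorted(granted - required),
        "ok": granted == set(required),
    }


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT for offline demonstration only."""
    def b64(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


# Constructed sample claims (assumed audience; one required role missing and
# one extra role, "Alert.ReadWrite.All", granted beyond the table above).
SAMPLE_CLAIMS = {
    "aud": "https://api.securitycenter.microsoft.com",
    "appid": "00000000-0000-0000-0000-000000000000",  # placeholder client id
    "roles": sorted((REQUIRED_ROLES - {"Ti.ReadWrite.All"}) | {"Alert.ReadWrite.All"}),
}

if __name__ == "__main__":
    token = make_unsigned_token(SAMPLE_CLAIMS)
    report = audit_app_roles(decode_jwt_payload(token))
    print(json.dumps(report, indent=2))
```

Run the audit against a real token only after validating it normally; the decoder here exists to read the `roles` claim, not to trust it. An `extra` list that is not empty means the registration carries permissions this integration never uses and is a candidate for tightening.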