Install and configure Microsoft Defender for Cloud Integration for Security Operations

Watch

Save as PDF

Share this page

Feedback

Security Operations

HomeWashington DC Security ManagementSecurity OperationsAttack surface management applicationsConfiguration ComplianceConfiguration Compliance integrationsMicrosoft Defender for Cloud Integration for Security OperationsInstall and configure Microsoft Defender for Cloud Integration for Security Operations

Table of Contents

Install and configure Microsoft Defender for Cloud Integration for Security Operations

Release version:
Washington DC
Yokohama
Xanadu
Vancouver
UpdatedMar 26, 2025
2 minutes to read

Washington DC
Configuration Compliance

Install and configure the Microsoft Defender for Cloud Integration for Security Operations, so that you can use the data that is imported from Microsoft Defender for Cloud to prioritize and remediate any misconfigurations on your assets.

Before you begin

Create a new app registration on Azure Active Directory. For more information on how to register a new application on Azure Active Directory, search for Register a client application in Azure Active Directory on the Microsoft documentation site. Assign the Security Reader role for the newly created app registration on the relevant scope with which you would like to connect to ServiceNow. It can be on a management group or subscription level.

Role required: sn_vulc.admin

Procedure

Navigate to All > System Definition > Plugins.
In the search bar, search for Microsoft Defender for Cloud Integration for Security Operations.
Select Install.

Any dependencies that will be installed are displayed.
Navigate to All > Microsoft Defender for Cloud Integration > Administration > Configuration > Microsoft Defender for Cloud Configuration.
On the form, fill in the fields.

Search:

Table 1. Microsoft Defender for Cloud Configuration form
Field	Description
API URL	Resource URL of the instance. Example: https://management.azure.com (Azure public cloud)
Tenant ID	Tenant identity of your organization.
Integration instance	Default instance. You can also create an instance for bringing the data from multiple Microsoft Defender tenants or subscriptions.
Client ID	Client identity that is generated after the Microsoft Defender for Cloud Integration application is registered.
Client secret	Client secret that is generated after the Microsoft Defender for Cloud Integration application is registered.
Import Findings from	Resources and assessments that correspond to the selected management group IDs and subscription IDs that are to be retrieved.
Management Group IDs	Resources and assessments that correspond to the management Group IDs that are to be retrieved. Note: This field appears only when you select Specific Management Groups from the Import Findings from field.
Subscription IDs	Identification numbers of the subscriptions for which the resources and assessments are to be retrieved. Note: This field appears only when you select Specific Subscriptions from the Import Findings from field.
Validation status	Whether the credentials and subscription ID that are provided are valid.

Configure or run the integrations by selecting Save and test.

Was this topic helpful?

Yes No

Microsoft Defender for Cloud Integration for Security Operations

Configuration Compliance imported data for Microsoft Defender for Cloud Integration

Microsoft Defender for Cloud Integration for Security Operations

Configuration Compliance imported data for Microsoft Defender for Cloud Integration

Washington DC Security Management

Filters

Versions

Products