Defense.com

This integration collects logs and security alerts from your Microsoft 365 account and brings them into Defense.com, making your cyber security easier to manage.

<a href="#h_ba534807dc">Integration steps</a>

<a href="#h_6700672ebf">Log and alert types</a>

- <a href="#h_ba534807dc">Integration steps</a>
- <a href="#h_6700672ebf">Log and alert types</a>

To complete this integration you’ll need access to your Azure administration account via <a href="https://portal.azure.com" rel="nofollow noopener noreferrer" target="_blank">portal.azure.com </a>and appropriate permissions (such as Global Administrator or Application Developer) to create and manage app registrations.

You should also ensure that Azure Audit logging is enabled according to the steps outlined in this article: <a href="https://learn.microsoft.com/en-us/purview/audit-log-enable-disable?tabs=microsoft-purview-portal" rel="nofollow noopener noreferrer" target="_blank">Enable or disable audit log</a>.

Log into <a href="" rel="nofollow noopener noreferrer" target="_blank">my.defense.com</a>

From your dashboard, click the Microsoft 365 Integration button.

This will launch the Microsoft 365 integration wizard.

You will need to enter the following credentials to continue:

- Application (Client) ID
- Directory (Tenant) ID
- Client Secret Value

Click Check Credentials to verify the details entered are valid.

If the credentials are valid you'll be asked to set the following permission within Azure:

- Microsoft Graph
 SecurityEvents.ReadWrite.All
 SecurityAlert.ReadWrite.All SecurityIncident.ReadWrite.All
 ThreatIntelligence.Read.All
 User.ReadBasic.All
 
- Office 365 Management APIs
 ActivityFeed.Read
 ActivityFeed.ReadDlp
 ServicesHealth.Read

You can check the permissions have been added correctly by clicking the Check buttons on the right. Click Next to proceed.

___________________________________________________________

That's it! 🎉The integration is now complete. You can now view your <a href="https://my.defense.com/microsoft365_integration" rel="nofollow noopener noreferrer" target="_blank">Microsoft 365 integration dashboard</a>.

1. Log into <a href="" rel="nofollow noopener noreferrer" target="_blank">my.defense.com</a>
 
2. From your dashboard, click the Microsoft 365 Integration button.
 
 
 
3. This will launch the Microsoft 365 integration wizard.
4. Click Next.
 
 
 
5. You will need to enter the following credentials to continue:
 
 - Application (Client) ID
 - Directory (Tenant) ID
 - Client Secret Value
 
 
 
6. Click Check Credentials to verify the details entered are valid.
 
 
 
7. If the credentials are valid you'll be asked to set the following permission within Azure:
 
 - Microsoft Graph
 SecurityEvents.ReadWrite.All
 SecurityAlert.ReadWrite.All SecurityIncident.ReadWrite.All
 ThreatIntelligence.Read.All
 User.ReadBasic.All
 
 - Office 365 Management APIs
 ActivityFeed.Read
 ActivityFeed.ReadDlp
 ServicesHealth.Read
 
 
 
8. You can check the permissions have been added correctly by clicking the Check buttons on the right. Click Next to proceed.
 
 
 
9. Click Complete. 
 
 
 
 ___________________________________________________________
 
 That's it! 🎉The integration is now complete. You can now view your <a href="https://my.defense.com/microsoft365_integration" rel="nofollow noopener noreferrer" target="_blank">Microsoft 365 integration dashboard</a>.

The following audit logs are supported from Office 365 and Azure AD:

- Audit.AzureActiveDirectory
- Audit.Exchange
- Audit.SharePoint
- DLP.All
- Any many more

The following alert sources are supported:

- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender For Office365
- Microsoft 365 Defender
- Microsoft Entra ID Protection
- Microsoft app governance
- Microsoft Purview Data Loss Prevention
- Microsoft Defender for Cloud

For more information about this Microsoft 365 integration please contact our support team via the chat in your Defense.com account.

Easily integrate your Microsoft 365 account with Defense.com to get alerted to new threats and security recommendations.