Skip to main content

How to Integrate Microsoft 365 into Defense.com

Easily integrate your Microsoft 365 account with Defense.com to get alerted to new threats and security recommendations.

Alan Butcher avatar
Written by Alan Butcher
Updated over 2 weeks ago

This integration collects logs and security alerts from your Microsoft 365 account and brings them into Defense.com, making your cyber security easier to manage.

To complete this integration you’ll need access to your Azure administration account via portal.azure.com and appropriate permissions (such as Global Administrator or Application Developer) to create and manage app registrations.

You should also ensure that Azure Audit logging is enabled according to the steps outlined in this article: Enable or disable audit log.

Creating the application

  1. Under the Manage menu, click App Registrations.

  2. Click New Registration.

  3. Name the application Defense.com. Leave other options as default and click Register.

  4. Take note of the Application (client) ID and the Directory (tenant) ID as we'll require these later when going through the Defense.com integration.

Setting permissions

  1. From the manage menu, open API permissions and click Add a permission.

  2. Select Microsoft Graph then Application permissions.

  3. Select the following permissions.

  4. Click Add permissions then Add a permission.

  5. Select Office 365 Management APIs then Application permissions.

  6. Select the following permissions.

  7. Click Add permissions

  8. Click Grant admin consent for to allow the application to access the Microsoft 365 API without having to ask for consent for users.

Creating Client Secret

  1. From the manage menu, open Certificates & Secrets.

  2. Under the Client Secrets section, click on the + New client secret button.

  3. Enter a description for the client secret to help you identify its purpose (e.g., Defense.com). Next, set the expiration duration to 365 days (12 months) to ensure the secret remains valid for one year.

  4. After configuring the client secret, click the Add button. The client secret will be generated and displayed on the screen.

  5. Make a note of the following details as these will be required during the integration within Defense.com:

    Application (client) ID: This is your application's unique identifier in Azure AD. It's displayed at the top of the application's overview page.

    Directory (tenant) ID: This is your Azure AD tenant's unique identifier. You can find it on the Azure AD overview page.

    Client Secret Value: The client secret you generated. Copy and save it securely because you won't be able to retrieve it again.

Integration steps

  1. From your dashboard, click the Microsoft 365 Integration button.

  2. This will launch the Microsoft 365 integration wizard.

  3. Click Next.

  4. You will need to enter the following credentials to continue:

    • Application (Client) ID

    • Directory (Tenant) ID

    • Client Secret Value

  5. Click Check Credentials to verify the details entered are valid.

  6. If the credentials are valid you'll be asked to set the following permission within Azure:

    • Microsoft Graph

      User.ReadWrite.All

      User.RevokeSessions.All.

      SecurityEvents.ReadWrite.All

      SecurityAlert.ReadWrite.All

      SecurityAlert.Read.All

    • Office 365 Management APIs

      ActivityFeed.Read

      ActivityFeed.ReadDlp

      ServicesHealth.Read

  7. Click Next to proceed.

  8. Click Complete.


    That's it! 🎉The integration is now complete. You can now view your Microsoft 365 integration dashboard.

Log and alert types

The following audit logs are supported from Office 365 and Azure AD:

  • Audit.AzureActiveDirectory

  • Audit.Exchange

  • Audit.SharePoint

  • DLP.All

  • Any many more

The following alert sources are supported:

  • Microsoft Defender for Endpoint

  • Microsoft Defender for Identity

  • Microsoft Defender for Cloud Apps

  • Microsoft Defender For Office365

  • Microsoft 365 Defender

  • Microsoft Entra ID Protection

  • Microsoft app governance

  • Microsoft Purview Data Loss Prevention

  • Microsoft Defender for Cloud

For more information about this Microsoft 365 integration please contact our support team via the chat in your Defense.com account.

Did this answer your question?