Install and configure Microsoft Defender for Cloud Integration for Security Operations
Install and configure the Microsoft Defender for Cloud Integration for Security Operations, so that you can use the data that is imported from Microsoft Defender for Cloud to prioritize and remediate any misconfigurations on your assets.
Before you begin
Create a new app registration on Azure Active Directory for the Microsoft Defender for Cloud Integration. For more information on how to register a new application on Azure Active Directory, see the Microsoft product documentation site. For more information on Azure roles, see Azure roles.
Role required: sn_vulc.admin
Procedure
| Field | Description |
|---|---|
| API URL | Resource URL of the instance. Example: https://management.azure.com (Azure public cloud) |
| Tenant ID | Tenant identity of your organization. |
| Integration instance | Default instance. You can also create an instance for bringing the data from multiple Microsoft Defender tenants or subscriptions. |
| Client ID | Client identity that is generated after the Microsoft Defender for Cloud Integration application is registered. |
| Client secret | Client secret that is generated after the Microsoft Defender for Cloud Integration application is registered. |
| Import Findings from | Resources and assessments that correspond to the selected management group IDs and subscription IDs that are to be retrieved. |
| Management Group IDs | Resources and assessments that correspond to the management Group IDs that are to be retrieved. Note: This field appears only when you select Specific Management Groups from the
Import Findings from field. |
| Subscription IDs | Identification numbers of the subscriptions for which the resources and assessments are to be retrieved. Note: This field appears only when you select Specific Subscriptions from the
Import Findings from field. |
| Validation status | Whether the credentials and subscription ID that are provided are valid. |