You can use your Microsoft Defender for Endpoint account alongside HighGround to retrieve your Endpoint Protection data. This data can then be used to drive your Cyber KPI's.  In order to synchronise this data to your HighGround account, you will need to connect to Microsoft Defender for Endpoint API by first generating API credentials, and then integrating the tool to via the Integrations module.

The following process is reasonably technical, so please have a member of your IT team complete this if you do not have any prior experience with API's.

Please follow the steps below to generate API credentials for Microsoft Defender for Endpoint first, before moving onto our guide on How to Integrate a tool with your HighGround account.

STEP 1: Log in to Azure

Login to Azure using a Global Administrator account.

STEP 2: Retrieve your Tenant ID

The integration will require your Tenant ID.

To find your Tenant ID, click on Active Directory from the main left-hand menu, and then navigate to Custom Domain Names:

You should now be able to see a list of your domains (these have been blanked out in the screenshot below).

Your tenant ID is the domain ending with '.onmicrosoft.com'.

Take a note of this as you will need it in the last step of this guide. 

STEP 3: Go to App Registrations

From the main left-hand menu of Azure, click on Azure Active Directory, and from there navigate to App registrations:

STEP 4: Register Application

Once in App Registrations, click on the New Registration tab.

You will now see a window where can add the details of your application.

• Name: HighGround.io - Defender for Endpoint
• Supported Account types: ensure the default option 'Accounts in this organizational directory only' is ticked
• Leave the option to add a Redirect URI blank

After adding those details, click the Register button to finish registering your application.

STEP 5: Retrieve your Application ID

Now you have registered the Application, you will be taken to an overview of its details. 

In the second row of this list, you will find your Application (client) ID. This ID will be a 32-character string separated by hyphens. 

Keep a note of your Application (Client) ID as this will be needed in the final step of this guide.

STEP 6: Create a Client Secret

You now need to generate a Client Secret.

To do so, click Add a certificate or secret next to Client Credentials:

Under the Client Secrets section, click New client secret:

This will open a new window where you can enter a description and expiry date for the secret:

• Description: 'HighGround-Secret'
• Expires:...

After defining those details, click Add:

You should now see your Client Secret below the Secret ID column:

Keep a note of your Client Secret as this will be needed in the final step of this guide.

STEP 7: Assign Permissions

You now need need to allocate permissions to the App you have registered. 

To do so, click on API Permissions from the left-hand menu:

You will now see a screen resembling below. Click Add a Permission:

In the window that opens up, click on the tab APIs my Organisation Uses, and click on WindowsDefenderATP:

In the new window that opens, select the Application Permissions option underneath What type of permissions does your application require?:

Next, under Select permissions, expand the following options and tick each permission:

• IntegrationConfiguration 
  • IntegrationConfiguration.readWrite
• Ip
  • Ip.Read.All
• Machine
  • Machine.Read.All
• Score
  • Score.Read.All
• SecurityConfiguration
  • SecurityConfiguration.Read.All
  • SecurityRecommendation.Read.All
• Software
  • Software.Read.All
• Ti
  • Ti.Read.All
• Url
  • Url.Read.All
• User
  • User.Read.All
• Vulnerability
  • Vulnerability.Read.All

After selecting all of the previous permissions, click Add Permissions, and you should now have a list looking like below:

STEP 8: Grant Consent

For now, there will be an orange warning icon in the Status column of your Configured Permissions, indicating that you have not granted consent for this permission.

To consent, tick the Grant admin consent for <name of your organisation> option.

This will prompt you to grant admin consent confirmation. Click Yes to consent.

The previous orange warning icon in the Status column will now update to a green tick to reflect this.

STEP 9: Integrate Microsoft Defender for Endpoint to HighGround

You can now use the App ID, Tenant ID and Client Secret retrieved in earlier steps to integrate the tool to your HighGround account. 

To do so, you will need to go to the Integrations area of your HighGround account, and find the Microsoft Defender for Endpoint under the Endpoint Protection technology. Clicking on 'Connect Tool' will open a window for you to enter your integration details:

What happens next?

Continue with the integration setup (as pictured in the integration connection window above) to complete the process of connecting your Microsoft Defender for Endpoint tool to HighGround. 

Note: that it may take up to 2 minutes to test the connection, so please do not navigate away from the window until this test has completed. 

If you are unsure of how to complete the integration, you can look at our guide on How to Integrate a tool with your HighGround account.