Microsoft Defender for Endpoint

This document provides a comprehensive guide on integrating Microsoft Defender for Endpoint with ActZero.

There are three main steps:

1. Copy Tenant ID from Microsoft Azure Portal
2. Configure the integration in the ActZero Portal
3. Verify your integration in the ActZero Portal

After you complete the steps on this page to integrate your Defender for Endpoint account, work with ActZero personnel to configure access for advanced threat hunting and recommended security policy.

Prerequisites

Before beginning, you must have:

• MS Azure Global Administrator privileges
• Microsoft licenses required to enable the integration (Defender for Endpoint P1/P2, Defender for Business, Azure AD P1/P2)

Instructions

Step 1: Copy Tenant ID from the Microsoft Azure Portal

• Log in to the Microsoft Azure Portal with a Global Administrator account.
• Navigate to Microsoft Entra ID
• Click the copy button () to copy the Tenant ID

Step 2: Configure the integration in the ActZero Portal

• Click ONBOARDING under the settings (gear) icon in the ActZero Portal
• Click Endpoints on the menu at the right side of the screen
• Click click here next to the ActZero shield icon in the ActZero Portal to grant ActZero Defender MDR app access.
• Review the requested permissions, read the terms of acceptance, and click Accept

Step 3: Verify your integration in the ActZero Portal

Finally, click TEST to make sure the integration is successfully ingesting data

Troubleshooting

For help, please contact us at support@actzero.ai