Last updated on: May 20th, 2022
Integrating Microsoft 365 Defender to vScope allows you to fetch any assets (eg. computers and applications) found in Microsoft 365 Defender portal. Any assets found in any additional data source will automatically be merged into one asset by vScope.
ℹ️ Integrate vScope with Azure
Please make sure that you have integrated vScope with Azure before continuing.
Add sufficient permissions
To collect information from Microsoft 365 Defender, you need to add various API permissions to vScope in Azure.
1. Go to App Registrations and select your vScope application, created in the step above
2. Go to API permissions >, + Add a permission
3. In the sidebar, select the APIs my organization uses and search for WindowsDefenderATP
4. Depending on your application, select Delegated permissions or Application permissions
5. Under AdvacedQuery, toggle AdvancedQuery.Read.All
6. Under Machine, toggle Machine.Read.All
7. Click Add Permissions
8. Ensure to click Grant admin consent for… button to commit changes
Configure integration in vScope
Head over to vScope, Discovery Manager > Credentials > Azure. Under Inventory Settings, make sure that Microsoft 365 Defender is enabled and that Endpoint (Computers & Mobile Devices) and Softwares (Applications) are enabled.
Hit Update to save your credential.
Run a Discovery
Select the Azure credential and click Rediscover. vScope will now collect and analyze assets from Microsoft 365 Defender and you will be able to create and browse content about your Microsoft 365 Defender portal.