Microsoft Defender Prerequisites
To call the Microsoft Defender for Endpoint API, an access token from the Microsoft identity platform (Azure AD / Microsoft Entra) is required. The access token contains information about the connector and the permissions it has for the resources and APIs available through Defender for Endpoint. The connector app must be registered with Microsoft Entra and be authorized (by a user or an administrator) for the Defender for Endpoint APIs that your connector will use.
Integrate the connector by registering it with the Microsoft identity platform, thereby establishing the information that is used to obtain tokens:
• Application ID: A unique identifier assigned by Microsoft Entra when you register the application.
• Redirect URI/URL: For apps with interactive flows, one or more endpoints where the connector receives responses from the Microsoft identity platform.
• Application Secret: A password (client secret) or a public/private key pair (certificate) that the connector uses to authenticate with the Microsoft identity platform.
To register the connector, execute the following steps:
1. Sign in to the Azure portal.
2. If the account has access to more than one tenant, select the Azure AD tenant by selecting the account in the top right corner and setting the session to the respective tenant.
3. In the Azure portal navigation pane, select Azure Active Directory (or Microsoft Entra ID) > App registrations > New registration.
4. On the Register an application page, enter the registration information for the connector.
• Name: Enter a meaningful name that will be displayed to the users.
• Supported account types: Select which accounts will be supported by the connector:
| Supported account types | Description |
|---|---|
| Accounts in this organizational directory only | This option maps to Azure AD only single-tenant. This is the default option unless the app is being registered outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts. |
| Accounts in any organizational directory | This option maps to Azure AD only multi-tenant. If the connector has been registered as Azure AD only single-tenant, it can be updated to be Azure AD multi-tenant and back to single-tenant through the Authentication blade. |
| Accounts in any organizational directory and personal Microsoft accounts | This option maps to Azure AD multi-tenant and personal Microsoft accounts. If the connector has been registered as Azure AD multi-tenant and personal Microsoft accounts, it cannot be changed in the UI. Instead, it is necessary to use the application manifest editor to change the supported account types. |
• Redirect URI (optional): Select Web as application type. Provide the base URL of your Raynet One Data Hub.
5. When finished, select Register.
6. After registration, note down the Application (client) ID and Directory (tenant) ID from the Overview page of the app.
7. Under Certificates & secrets, create a new client secret (or upload a certificate) and copy the generated value (you won’t be able to retrieve it later).
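The values noted in steps 6 and 7 are the inputs to an OAuth 2.0 client-credentials token request. The following added example (not Raynet's or Microsoft's code) builds that request and audits the claims of a decoded token for tenant, application and granted roles. The token endpoint and resource URI follow Microsoft's public documentation; the IDs, the sample token and the allowed role set are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlencode

# Defender for Endpoint resource URI per Microsoft's public docs (not from this page).
RESOURCE = "https://api.securitycenter.microsoft.com"
TENANT_ID = "00000000-0000-0000-0000-000000000001"  # Directory (tenant) ID, constructed
CLIENT_ID = "00000000-0000-0000-0000-000000000002"  # Application (client) ID, constructed


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the client-credentials grant; nothing is sent."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{RESOURCE}/.default",
    })
    return url, body


def decode_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_claims(claims, tenant_id, client_id, allowed_roles):
    """List deviations from the expected registration (empty list means OK)."""
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append(f"unexpected tenant: {claims.get('tid')}")
    if (claims.get("appid") or claims.get("azp")) != client_id:
        findings.append("token was issued to a different application")
    roles = set(claims.get("roles", []))
    if not roles:
        findings.append("no roles claim: API permissions missing or not consented")
    for role in sorted(roles - set(allowed_roles)):
        findings.append(f"excess permission: {role}")
    return findings


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

In practice, POST the form body to the returned URL over TLS and pass the `access_token` field of the response to `decode_claims`.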