Microsoft Defender for Endpoint

Integrate Microsoft Defender for Endpoint With Blumira’s Cloud SIEM

Click here for the most updated version of this documentation.

Microsoft Defender for Endpoint, (formerly Defender Advanced Threat Protection) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Blumira integrates with Microsoft Defender for endpoint to stream Office endpoint security events and alerts to the Blumira service for threat detection, alerting and actionable response.

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.

Integrating with Microsoft Defender for Endpoint

Before you begin

First, integrate Azure Event Hubs with Blumira by completing the steps in Integrating with Microsoft Azure Event Hubs.

Forwarding events to Blumira

To connect Defender for Endpoints to your Blumira event hub in Azure:

Log in to endpoint.microsoft.com.
Click Tenant Administration.
Click Diagnostic Settings.
Click + Add Diagnostic Setting.
Type a name such as “Blumira Logging” or whatever you prefer.
Select all Log Categories.
Select Stream to an Event Hub.
Under Event hub name, select the name of the hub you created for the Blumira integration.
Click Save.