
Microsoft Defender for Endpoint

Microsoft Defender for Endpoint – formerly Defender Advanced Threat Protection (ATP) Integration With Blumira’s Cloud SIEM

Microsoft Defender for Endpoint, formerly Defender Advanced Threat Protection, is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Blumira integrates with Microsoft Defender for Endpoint to stream endpoint security events and alerts to the Blumira service for threat detection, alerting, and actionable response.

Configuring Microsoft Defender for Endpoint

Blumira integrates with Microsoft Defender for Endpoint using Microsoft Event Hub.

Before you begin, please make sure to configure your Azure Event Hub to integrate with Blumira using Blumira’s Azure Event Hub Documentation.

Step 1: Log in to Microsoft Defender Security Center with a Global Admin user.

Step 2: Go to Data export settings page on Microsoft Defender Security Center.

Step 3: Click on Add data export settings.


Step 4: Choose a name for your new settings.

Step 5: Choose Forward events to Azure Event Hubs.

Step 6: Type your Event Hubs name and your Event Hubs resource ID. To get your Event Hubs resource ID, go to your Azure Event Hubs namespace page in Azure > Properties tab and copy the text under Resource ID.

Step 7: Choose the events you want to stream and click Save.
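Two things are worth checking when wiring this up: that the Resource ID copied in Step 6 is the namespace-level ID (not the ID of an individual event hub), and what the streamed records look like once they land in the Event Hub so that downstream detection logic can be keyed on the event category. The following Python is an added example and is not Blumira's or Microsoft's code. It assumes the standard Azure ARM resource ID layout for an Event Hubs namespace and the record envelope Microsoft documents for the Defender for Endpoint streaming API (a `records` list whose entries carry `time`, `tenantId`, `category` and the event columns under `properties`); all sample values are constructed.

```python
"""Checks for a Defender for Endpoint -> Azure Event Hub export.

1. Validate the Event Hubs namespace Resource ID before pasting it into the
   data export settings.
2. Flatten the streaming-API record envelope that arrives in the Event Hub.
"""
import json
import re
from dataclasses import dataclass

# ARM resource ID of an Event Hubs *namespace*. This pattern is an assumption
# based on the standard Azure resource ID layout, not something the page states.
_NAMESPACE_ID = re.compile(
    r"^/subscriptions/(?P<subscription>[0-9a-fA-F-]{36})"
    r"/resourceGroups/(?P<resource_group>[^/]+)"
    r"/providers/Microsoft\.EventHub/namespaces/(?P<namespace>[^/]+)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class NamespaceId:
    subscription: str
    resource_group: str
    namespace: str


def parse_namespace_resource_id(resource_id: str) -> NamespaceId:
    """Validate the Resource ID copied from the namespace's Properties tab.

    Raises ValueError for anything that is not a namespace-level ID, e.g. the
    ID of a single event hub (".../namespaces/<ns>/eventhubs/<hub>").
    """
    m = _NAMESPACE_ID.match(resource_id.strip())
    if not m:
        raise ValueError(f"not an Event Hubs namespace resource ID: {resource_id!r}")
    return NamespaceId(**m.groupdict())


def is_namespace_resource_id(resource_id: str) -> bool:
    """Boolean form of the check above, convenient for pre-flight validation."""
    try:
        parse_namespace_resource_id(resource_id)
        return True
    except ValueError:
        return False


def parse_streaming_batch(message: str) -> list:
    """Flatten one Event Hub message from the Defender streaming API.

    Each message carries a 'records' list; every record has 'time', 'tenantId',
    'category' (the Advanced Hunting table name) and the event columns under
    'properties'. Returns one flat dict per record with the category retained.
    """
    payload = json.loads(message)
    flattened = []
    for rec in payload.get("records", []):
        flat = {"time": rec["time"], "tenantId": rec["tenantId"], "category": rec["category"]}
        flat.update(rec.get("properties", {}))
        flattened.append(flat)
    return flattened


def count_by_category(message: str) -> dict:
    """Count records per category; a cheap sanity check that the selected
    event types in Step 7 are actually arriving."""
    counts = {}
    for rec in parse_streaming_batch(message):
        counts[rec["category"]] = counts.get(rec["category"], 0) + 1
    return counts


# Constructed sample message (tenant GUID, hostname and IP are made up).
SAMPLE_MESSAGE = json.dumps({
    "records": [
        {
            "time": "2023-01-01T12:00:00.000Z",
            "tenantId": "00000000-0000-0000-0000-000000000000",
            "category": "AdvancedHunting-DeviceProcessEvents",
            "properties": {
                "DeviceName": "wks-01.example.local",
                "FileName": "notepad.exe",
                "InitiatingProcessFileName": "explorer.exe",
            },
        },
        {
            "time": "2023-01-01T12:00:05.000Z",
            "tenantId": "00000000-0000-0000-0000-000000000000",
            "category": "AdvancedHunting-DeviceNetworkEvents",
            "properties": {
                "DeviceName": "wks-01.example.local",
                "RemoteIP": "192.0.2.10",
                "RemotePort": 443,
            },
        },
    ]
})

if __name__ == "__main__":
    # Constructed namespace ID, in the shape the Azure portal shows under Resource ID.
    example_id = ("/subscriptions/11111111-2222-3333-4444-555555555555"
                  "/resourceGroups/rg-siem/providers/Microsoft.EventHub/namespaces/ns-blumira")
    print(parse_namespace_resource_id(example_id))
    print(count_by_category(SAMPLE_MESSAGE))
```

Run the module directly to see the parsed namespace ID and the per-category counts for the constructed batch; in practice you would feed `parse_streaming_batch` the body of each message read from the Event Hub.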