Microsoft Defender for Endpoint (formerly Defender Advanced Threat Protection) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Blumira integrates with Microsoft Defender for Endpoint to stream Office endpoint security events and alerts to the Blumira service for threat detection, alerting, and actionable response.
Blumira integrates with Microsoft Defender for Endpoint using Microsoft Event Hub.
Before you begin, please make sure to configure your Azure Event Hub to integrate with Blumira using Blumira’s Azure Event Hub Documentation.
Step 1: Log in to Microsoft Defender Security Center with a Global Admin user.
Step 2: Go to the Data export settings page in Microsoft Defender Security Center.
Step 3: Click on Add data export settings.
Step 4: Choose a name for your new settings.
Step 5: Choose Forward events to Azure Event Hubs.
Step 6: Type your Event Hubs name and your Event Hubs resource ID. To get your Event Hubs resource ID, go to your Azure Event Hubs namespace page on Azure > properties tab > copy the text under Resource ID. Choose the events you want to stream and click Save.