Defender data source

Data Manager is included in all Service Collection Premium and Enterprise plans.

Defender is an antivirus and endpoint protection tool produced by Microsoft.

The Defender data source uses an API connection to bring device data into Data Manager. It requires an application registered in Azure to obtain a Tenant ID, Client ID, and Application ID. Work with your Defender SME as needed.

This task requires Data Manager & Adapters admin permissions to complete. See how permissions and roles work in Data Manager.

How do I connect Defender to Data Manager?

  1. Gather all of the Data Manager type information, including the data source name, short display name, and the data source type.

  2. Gather the Defender fields – this may require consultation with the Defender subject matter expert (SME).

  3. In Data Manager, add a new data source by selecting the tool you which to connect and configure with all the gathered information.

Each time this data source is fetched the data becomes raw data.

Data Manager fields

You need to specify the following information from Data Manager:

  • Data source name – the name of the data source used to run, transform, map, cleanse, and import the data.

  • Short display name – a unique name as a data source label.

  • Data source type – what type of data the tool is providing. For example, Assets, CMDB, user location.

Defender fields

  • Client‑ID – identifies the application in Defender/Azure.

  • Client secret – secret string used when requesting tokens.

  • Tenant ID – unique identifier for the Defender tenant, used for authentication.

認証と承認

  1. Register the application in the Azure portal to obtain Tenant ID, Client ID, and Application ID.

  2. Generate the Client secret.

  3. In the app’s Overview page, under Manage, go to API permissions > Add a permission.

  4. Select WindowsDefenderATP from the API list.

  5. Add the permission Machine.Read.All and grant admin consent.

  6. Select Add permissions.

API 呼び出し

The documented API permission for Defender is:

  • Device.Read.All

Fields retrieved

次のフィールドが取得されます。

Id AgentVersion ComputerDnsName OsBuild FirstSeen HealthStatus LastSeen DeviceValue OsPlatform RbacGroupId OsVersion RbacGroupName OsProcessor RiskScore Version ExposureLevel LastIpAddress IsAadJoined LastExternalIpAddress AadDeviceId

さらにヘルプが必要ですか?

アトラシアン コミュニティをご利用ください。