Microsoft Defender Analytics Setup Guide

This manual offers detailed steps for configuring Microsoft Defender Analytics, assisting security teams in effortlessly setting up insights, automating the data gathering process, and maintaining a secure and efficient analytics environment.

Install Azure Defender Request Trial License Configure Power BI Create Azure App Configure Data Sync

Install Azure Defender Analytics

Setting up Azure Defender Analytics is straightforward. There is no need for on-premises infrastructure, as the app can be installed directly from Microsoft AppSource into your Power BI tenant. After installation, you have the option to explore the application with the provided sample data or request a fully functional trial license that lasts 30 days.

Prerequisites

To carry out this step, the user must possess a Power BI Pro license, a Power BI Premium Per User license, or the Power BI tenant must have a Power BI Premium license. For individuals interested in testing Azure Defender Analytics without immediately purchasing Microsoft licenses, Microsoft provides a free trial for the Power BI Pro license through self-service sign-up. Authorization to create an App Registration in Azure AD is necessary to set up the trial.

To get started select the “Install Now” button to be directed to Microsoft App Source

Schedule a Call

Step 1

Select the “Install Now” button above.
On the Azure Defender Analytics page in Microsoft AppSource select Get it now.

Step 2

Enter your work email address and select Sign in.

Step 3

Select Install.

Step 4

A notification indicating that Azure Defender Analytics is being installed will appear. After this notification has disappeared, you will know that Azure Defender Analytics has been successfully installed. You can now access the app with the sample data provided, or you can connect your own data requesting a trial license key.

Step 5

When you access the Azure Defender Analytics workspace, you might see a notification that states, “You’re viewing this app with sample data. Connect your data.” This can be disregarded without concern. If you’re interested in exploring Azure Defender Analytics prior to linking your data, it comes pre-installed with sample data. However, if you’d rather view your own data, continue to the next step in our documentation.

Request Trial License

Please complete the following form to receive a trial license key by email. You should receive the key within 10 min of submitting the form. If you do not see the email, please check your junk folder. Note that only one key per email domain will be generated, if you or someone else from your organization has previously requested a key contact us at yasir@brickclay.com for assistance.

Sign-up for a fully functional 30-day free trial.

Send Trial Key Request

Configure Power BI to Use Azure Microsoft Defender Analytics App

Now that your Azure App Registration is ready, let’s plug those values into your Power BI workspace so it can securely pull data from Microsoft Defender for Endpoint using the Azure Microsoft Defender Analytics product.

Step-by-Step Guide to Connect the App in Power BI

Go to Your Workspace

Open https://app.powerbi.com
From the left-hand navigation, click on Workspaces
Click on the workspace where you deployed Azure Microsoft Defender Analytics App

Open Dataset Settings

In your workspace, find the Azure Microsoft Defender Analytics semantic model (dataset)
Hover your mouse over it — click the three vertical dots (⋮)
Select Settings

Enter Your App Details in Parameters

Scroll down to the Parameters section.
You’ll see fields that require your Azure App Registration info.
Fill in the following:
Click Apply to save.

Field Label	What to Enter
API Key	This is provided by Brickclay.
Azure AD Client ID	Paste your Application (client) ID from Azure.
Azure AD Client Secret	Paste the Value from the client secret you created. Don’t use the “Secret ID”!
Azure AD Tenant ID	Paste your Directory (tenant) ID from Azure.

Set Up Data Source Credentials

Scroll down to Data source credentials
For each listed data source, follow these steps:

1
Click Edit credentials
2
Select Authentication method as Anonymous
3
Set Privacy level to Organizational
4
Check Check Skip test connection
5
Click Sign In

Repeat the above steps for each API URL listed under data source credentials

Set Up Data Source Credentials

Now that credentials and parameters are set:

Go back to your semantic model
Click the three dots (⋮) again
Select Refresh now

If all your information is correct, the data will start syncing securely from Microsoft Defender for Endpoint into Power BI.

That’s It!

You’ve now:

Created and secured an Azure App
Granted API permissions for Microsoft Defender
Connected the app with Power BI
Configured credentials
Refreshed live data

Your Azure Microsoft Defender Analytics dashboard is now pulling in real-time insights from Microsoft Defender for Endpoint.

Step-by-Step Guide: How to Create an Azure App Registration for Microsoft Defender Analytics

This simple guide helps you set up a secure connection between Microsoft Defender for Endpoint and Azure Microsoft Defender Analytics using an Azure App Registration. Even if you have never done this before, just follow each step carefully.

What You Need Before Starting:

A Microsoft Azure account.
You must be logged in as a Global Administrator.
You must also have Subscription Admin permission.

Part 1: Register the Application in Azure

Open App Registrations

Go to:https://portal.azure.com
Sign in using your Global Administrator account.
In the search bar at the top, type App registrations and click on it.

Click on the “+ New registration” button.”

Fill Out App Registration Details

Enter a name for the app. Example: DefenderAnalyticsApp
Under Supported account types, select:
“Accounts in this organizational directory only”
Leave the Redirect URI empty.

Click the Register button.

Part 2: Add API Permissions to the App

We need to tell Azure what data this app can access.

Open API Permissions

After registration, you’ll be taken to the app’s page.
Click on “API permissions” from the left menu.

Remove any default permissions by clicking the three dots … next to User.Read and selecting Remove permission

Add Microsoft Graph Permissions

Click “+ Add a permission”.

Click Microsoft Graph > Application permissions.

Use the search box to find and check the following permissions:
Application.Read.All

Use the search box to find and check the following permissions:
SecurityAlert.Read.All
SecurityEvents.Read.All

Use the search box to find and check the following permissions:
SecurityIncident.Read.All

Use the search box to find and check the following permissions:
User.Read.All
Click Add permissions at the bottom.

Add Defender Permissions

Click “+ Add a permission”.

Click “APIs my organization uses”.
Search for WindowsDefenderATP and click it.

Click Application permissions.
Search and check the following:
Alert.Read.All

Search and check the following:
Machine.Read.All

Search and check the following:
Score.Read.All

Search and check the following:
SecurityRecommendation.Read.All

Search and check the following:
Software.Read.All

Search and check the following:
User.Read.All

Search and check the following:
Vulnerability.Read.All
Click Add permissions.

Grant Admin Consent

Back in the API permissions page, click
“Grant admin consent for [Your Org Name]”.
Click “API permissions” from the left menu.

Click Yes when asked for confirmation.

Part 3: Create a Secret Key (Password)

This is like a password your app will use to connect to Microsoft services.

Generate a Client Secret

On the left menu, click Certificates & secrets.
Click on “+ New client secret”.

In the Description, enter something like DefenderSecretKey.
Choose how long it should last (6 months, 12 months, etc.)

Click Add.

Copy the Value shown immediately. This is your secret key. You won’t be able to see it again later!

Part 4: Save Important IDs

Click on Overview from the left menu.
You will see these values:
Application (client) ID -> Save this as your Client ID
Directory (tenant) ID -> Save this as your Tenant ID

You will use these along with the Client Secret to connect from Power BI or Fabric.

Summary of Required Permissions

API	Permission Name	Description
Microsoft Graph	Application.Read.All	Read all applications
Microsoft Graph	SecurityAlert.Read.All	Read all security alerts
Microsoft Graph	SecurityEvents.Read.All	Read organization’s security events
Microsoft Graph	SecurityIncident.Read.All	Read all security incidents
Microsoft Graph	User.Read.All	Read full user profiles
WindowsDefenderATP	Alert.Read.All	Read Defender alerts
WindowsDefenderATP	Machine.Read.All	Read Defender machine profiles
WindowsDefenderATP	Score.Read.All	Read risk/vulnerability scores
WindowsDefenderATP	SecurityRecommendation.Read.All	Read security recommendations
WindowsDefenderATP	Software.Read.All	Read installed software
WindowsDefenderATP	User.Read.All	Read Defender user profiles
WindowsDefenderATP	Vulnerability.Read.All	Read vulnerability data

You’re Done!

Your app is now ready to connect securely with Microsoft Defender. You can use it to pull data into Power BI, Microsoft Fabric, or other systems securely.
Make sure you store your Client ID, Tenant ID, and Client Secret (Value) in a safe place!

Configure Data Synchronization

Data is synchronized from the data sources to Power BI on a schedule as described here. Most customers sync approximately 3 times per day.

Step 1

Select Workspaces.
Select the BI for Defender workspace.

Select the Microsoft Defender Analytics workspace.

Step 2

Hover over the Azure Defender Analytics Semantic model Semantic model to reveal a menu (three vertical dots).
Select Settings

Step 3

Expand Expand refresh.
Enable Configure a refresh Schedule slider to On.
Select Add another time and enter up to 8 times for the data synchronization to happen.
Optionally, enter contacts to be notified of synchronization failures.
Select Apply.