Microsoft Defender Analytics Setup Guide

Install BI for Defender

Installing BI for Defender is quite simple. BI for Defender requires no on-premises infrastructure; the app installs from Microsoft AppSource directly into your Power BI tenant. Once installed, you can try the application using the supplied sample data, or you can request a fully functional 30-day trial license.

Prerequisites

  • The user performing this step requires a Power BI Pro license, Power BI Premium Per User license, or the Power BI tenant must be licensed for Power BI Premium. Microsoft offers a free Power BI Pro trial license via self-service sign-up for those who want to try BI for Defender before purchasing Microsoft licenses.
  • Permissions to create an App Registration in Azure AD are required to configure the trial.

To get started, select the “Install Now” button to be directed to Microsoft AppSource.

1

  • Select the “Install Now” button above.
  • On the BI for Defender page in Microsoft AppSource select Get it now.
2

  • Enter your work email address and select Sign in.
3

  • Select Install.
4

  • You will see a notification that BI for Defender is installing. Once this has disappeared you have successfully installed BI for Defender. You may now view the app using the sample data provided or you can connect your data by requesting a trial license key.
5

  • Upon opening the BI for Defender workspace you may notice a banner that says, “You’re viewing this app with sample data. Connect your data.” This can be safely ignored. If you’d like to try BI for Defender before connecting your data it installs with sample data. If you prefer to go ahead and see your own data proceed to the next step in our documentation.

Request Trial License

Please complete the following form to receive a trial license key by email. You should receive the key within 10 min of submitting the form. If you do not see the email, please check your junk folder. Note that only one key per email domain will be generated. If you or someone else from your organization has previously requested a key, contact us at yasir@brickclay.com for assistance.

Sign-up for a fully functional 30-day free trial.

Configure Power BI to Use Azure Microsoft Defender Analytics App

Now that your Azure App Registration is ready, let’s plug those values into your Power BI workspace so it can securely pull data from Microsoft Defender for Endpoint using the Azure Microsoft Defender Analytics product.

Step-by-Step Guide to Connect the App in Power BI

1

Go to Your Workspace

  • Open https://app.powerbi.com
  • From the left-hand navigation, click on Workspaces
  • Click on the workspace where you deployed the Azure Microsoft Defender Analytics App
2

Open Dataset Settings

  • In your workspace, find the Azure Microsoft Defender Analytics semantic model (dataset)
  • Hover your mouse over it — click the three vertical dots (⋮)
  • Select Settings
3

Enter Your App Details in Parameters

  • Scroll down to the Parameters section.
  • You’ll see fields that require your Azure App Registration info.
  • Fill in the following:

| Field Label | What to Enter |
| --- | --- |
| API Key | This is provided by Brickclay. |
| Azure AD Client ID | Paste your Application (client) ID from Azure. |
| Azure AD Client Secret | Paste the Value from the client secret you created. Don’t use the “Secret ID”! |
| Azure AD Tenant ID | Paste your Directory (tenant) ID from Azure. |

  • Click Apply to save.
4

Set Up Data Source Credentials

  • Scroll down to Data source credentials
  • For each listed data source, follow these steps:
    1. Click Edit credentials
    2. Select Authentication method as Anonymous
    3. Set Privacy level to Organizational
    4. Check Skip test connection
    5. Click Sign In
  • Repeat the above steps for each API URL listed under data source credentials
5

Refresh the Data

Now that credentials and parameters are set:

  • Go back to your semantic model
  • Click the three dots (⋮) again
  • Select Refresh now
  • If all your information is correct, the data will start syncing securely from Microsoft Defender for Endpoint into Power BI.

That’s It!

You’ve now:

  • Created and secured an Azure App
  • Granted API permissions for Microsoft Defender
  • Connected the app with Power BI
  • Configured credentials
  • Refreshed live data

Your Azure Microsoft Defender Analytics dashboard is now pulling in real-time insights from Microsoft Defender for Endpoint.

Step-by-Step Guide: How to Create an Azure App Registration for Microsoft Defender Analytics

This simple guide helps you set up a secure connection between Microsoft Defender for Endpoint and Azure Microsoft Defender Analytics using an Azure App Registration. Even if you have never done this before, just follow each step carefully.

What You Need Before Starting:

  • A Microsoft Azure account.
  • You must be logged in as a Global Administrator.
  • You must also have Subscription Admin permission.

Part 1: Register the Application in Azure

1

Open App Registrations

  • Go to: https://portal.azure.com
  • Sign in using your Global Administrator account.
  • In the search bar at the top, type App registrations and click on it.
  • Click on the “+ New registration” button.
2

Fill Out App Registration Details

  • Enter a name for the app. Example: DefenderAnalyticsApp
  • Under Supported account types, select “Accounts in this organizational directory only”.
  • Leave the Redirect URI empty.
  • Click the Register button.

Part 2: Add API Permissions to the App

3

Open API Permissions

  • After registration, you’ll be taken to the app’s page.
  • Click on “API permissions” from the left menu.
  • Remove any default permissions by clicking the three dots … next to User.Read and selecting Remove permission.
4

Add Microsoft Graph Permissions

  • Click “+ Add a permission”.
  • Click Microsoft Graph > Application permissions.
  • Use the search box to find and check the following permissions:
      - Application.Read.All
      - SecurityAlert.Read.All
      - SecurityEvents.Read.All
      - SecurityIncident.Read.All
      - User.Read.All
  • Click Add permissions at the bottom.
5

Add Defender Permissions

  • Click “+ Add a permission”.
  • Click “APIs my organization uses”.
  • Search for WindowsDefenderATP and click it.
  • Click Application permissions.
  • Search and check the following:
      - Alert.Read.All
      - Machine.Read.All
      - Score.Read.All
      - SecurityRecommendation.Read.All
      - Software.Read.All
      - User.Read.All
      - Vulnerability.Read.All
  • Click Add permissions.
6

Grant Admin Consent

  • Back in the API permissions page, click “Grant admin consent for [Your Org Name]”.
  • Click “API permissions” from the left menu.
  • Click Yes when asked for confirmation.

Part 3: Create a Secret Key (Password)

This is like a password your app will use to connect to Microsoft services.

7

Generate a Client Secret

  • On the left menu, click Certificates & secrets.
  • Click on “+ New client secret”.
  • In the Description, enter something like DefenderSecretKey.
  • Choose how long it should last (6 months, 12 months, etc.)
  • Click Add.
  • Copy the Value shown immediately. This is your secret key. You won’t be able to see it again later!

Part 4: Save Important IDs

  • Click on Overview from the left menu.
  • You will see these values:
  • Application (client) ID -> Save this as your Client ID
  • Directory (tenant) ID -> Save this as your Tenant ID
  • You will use these along with the Client Secret to connect from Power BI or Fabric.

Summary of Required Permissions

| API | Permission Name | Description |
| --- | --- | --- |
| Microsoft Graph | Application.Read.All | Read all applications |
| Microsoft Graph | SecurityAlert.Read.All | Read all security alerts |
| Microsoft Graph | SecurityEvents.Read.All | Read organization’s security events |
| Microsoft Graph | SecurityIncident.Read.All | Read all security incidents |
| Microsoft Graph | User.Read.All | Read full user profiles |
| WindowsDefenderATP | Alert.Read.All | Read Defender alerts |
| WindowsDefenderATP | Machine.Read.All | Read Defender machine profiles |
| WindowsDefenderATP | Score.Read.All | Read risk/vulnerability scores |
| WindowsDefenderATP | SecurityRecommendation.Read.All | Read security recommendations |
| WindowsDefenderATP | Software.Read.All | Read installed software |
| WindowsDefenderATP | User.Read.All | Read Defender user profiles |
| WindowsDefenderATP | Vulnerability.Read.All | Read vulnerability data |
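
To confirm that the app registration ended up with exactly the permissions listed above and nothing broader, the roles claim of an app-only access token can be compared against the list. This is an added example, not part of the original guide or the vendor's code; the function names are hypothetical and the token is constructed and unsigned so the check runs offline.

```python
import base64
import json

# Application permissions listed in this guide, keyed by API.
REQUIRED = {
    "Microsoft Graph": {
        "Application.Read.All", "SecurityAlert.Read.All", "SecurityEvents.Read.All",
        "SecurityIncident.Read.All", "User.Read.All",
    },
    "WindowsDefenderATP": {
        "Alert.Read.All", "Machine.Read.All", "Score.Read.All",
        "SecurityRecommendation.Read.All", "Software.Read.All",
        "User.Read.All", "Vulnerability.Read.All",
    },
}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (no signature verification)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, api: str) -> dict:
    """Compare the token's 'roles' claim with the guide's list for one API."""
    granted = set(jwt_claims(token).get("roles", []))
    required = REQUIRED[api]
    return {
        "missing": sorted(required - granted),     # listed in the guide, not granted
        "unexpected": sorted(granted - required),  # granted beyond what the guide lists
    }


def make_sample_token(roles: list) -> str:
    """Build a constructed, unsigned token (sample data, not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles})}.sig"


if __name__ == "__main__":
    # Constructed case: one permission forgotten, one write permission added by mistake.
    roles = sorted(REQUIRED["WindowsDefenderATP"] - {"Score.Read.All"})
    sample = make_sample_token(roles + ["Machine.ReadWrite.All"])
    print(audit_roles(sample, "WindowsDefenderATP"))
```

Run it once per API, since the Graph token and the WindowsDefenderATP token each carry only that API's roles. Anything reported as unexpected is a grant to remove from the app registration.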

You’re Done!

  • Your app is now ready to connect securely with Microsoft Defender. You can use it to pull data into Power BI, Microsoft Fabric, or other systems securely.
  • Make sure you store your Client ID, Tenant ID, and Client Secret (Value) in a safe place!

Configure The Dataset Parameters

The BI for Defender dataset contains some parameters that must be configured in order to synchronize data from Defender for Endpoint to Power BI. Follow the steps below to configure the dataset parameters and sync your data.

1

  • Select Workspaces.
  • Select the BI for Defender workspace.
2

  • Hover over the bi_for_defender Semantic model to reveal a kebab menu (three vertical dots).
  • Select the kebab menu.
  • Select Settings
3

  • Expand Parameters
  • Enter the API Key that you received from us after completing the Request a Trial Key form.
  • Enter the Azure AD Client ID that you recorded during the configuration of the Azure AD App Registration.
  • Enter the Azure AD Client Secret that you recorded during the configuration of the Azure AD App Registration. As mentioned in the previous article, the Client Secret does not have dashes (-) in it. The Client Secret looks similar to this: iB9GT~dZg.F.AKvxzMzjk7T1kIzlFocEh4JXcgI
  • Enter your Azure AD tenant ID that you recorded during the configuration of the Azure AD App Registration.
4

  • Expand Data Source Credentials.
5

  • Select each occurrence of Edit credentials one by one and configure each as follows:
  • Select Anonymous as the Authentication method and Organizational as the Privacy level for all credentials.
  • Select Skip test connection on both.
  • Select Sign in on each of the credentials.

Configure Data Synchronization

Data is synchronized from the data sources to Power BI on a schedule as described here. Most customers sync approximately 3 times per day.

1

  • Select Workspaces.
  • Select the BI for Defender workspace.
2

  • Hover over the bi_for_defender Semantic model to reveal a kebab menu (three vertical dots).
  • Select the kebab menu.
  • Select Settings
3

  • Expand Scheduled refresh.
  • Move the Keep your data up to date slider to On.
  • Select Add another time and enter up to 8 times for the data synchronization to happen.
  • Optionally, enter contacts to be notified of synchronization failures.
  • Select Apply.