Connect to your Microsoft Defender app for OAuth.
Overview
in the side menu > Click on +Add
> Select App Registration
.Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
under Supported Account Types.Apps catalog
in Cobalt > Search for Microsoft Defender
> Settings
> Use your credentials
> Callback Url
> Copy it.Web
, paste the Callback Url as the URL and click Register
.Manage
> API permissions
in the side menu > Click on + Add a permission
.Microsoft Graph
card under Microsoft APIs > Choose Application permissions
> Select the mandatory scope > click on the Add Permissions
button.APIs my organization uses
tab > Search for WindowsDefenderATP
and choose the required scopes from Delegated permissions
.Certificates and Secrets
in the side menu and under Client Secrets tab, press the + New client secret
button. Give a Description, select the best expiry for your application and click Add
to create your credentials.Value
column.Overview
in the side menu > Essentials
tab > Copy the Client ID under Application (client) ID
and Tenant ID under Directory (tenant) ID
.OAuth 2.0
based application. For your customers to provide you authorization to access their data,
they would first need to install your application. This page lets you set up your application credentials.
Permissions & Scopes
section.
For some applications Cobalt sets mandatory scopes which cannot be removed. Additional scopes can be selected from the drop down. Cobalt also has the provision to add any
custom scopes supported by the respective platform.
Alert
Machines
Software
Vulnerabilities
Others