Microsoft Defender Integration

While SaaS Alerts fully intends to integrate with the full Microsoft Defender suite, the initial integration supports Microsoft Defender for Endpoint. As additional features and items from the product suite are added, this article will be updated.

Prerequisites

  • A global admin account to the Microsoft tenant
  • Proper licensing to support Microsoft Defender for Endpoints
  • Devices enrolled and Microsoft Defender deployed to them
  • Microsoft Manage already connected within SaaS Alerts

Licensing for Microsoft Defender for Endpoints

To access Microsoft Defender for Endpoints, you will need one of the following Microsoft 365 licenses that includes Defender for Endpoint as part of its suite:

  • Microsoft 365 E5: This license includes the full range of Microsoft security features, including Microsoft Defender for Endpoints.
  • Microsoft 365 E5 Security: A subset of the E5 plan focused on advanced security features.
  • Microsoft 365 A5: Designed for educational institutions, this plan also includes Defender for Endpoints.
  • Windows 10 Enterprise E5: This includes Microsoft Defender for Endpoints specifically for Windows 10 devices.
  • Microsoft Defender for Endpoint Plan 1: This provides essential capabilities for threat and vulnerability management, attack surface reduction, and endpoint detection and response.
  • Microsoft Defender for Endpoint Plan 2: This plan offers the complete suite of endpoint protection capabilities.

For detailed and up-to-date information on licensing, it's recommended to consult the official Microsoft documentation or contact a Microsoft representative.

Adding the Microsoft Defender application within SaaS Alerts

  1. From the left navigation menu, navigate to Organizations.
  2. Access an existing organization or create a new one, and click the Edit Organization pencil icon .
  3. Connect Microsoft Manage, if you have not already. Refer to Connecting to Microsoft.
  1. Click New Application.
  1. Click the Microsoft Defender tile.
  1. Sign in to Microsoft with the proper global admin account for the particular Microsoft tenant you would like to monitor.
  1. If the credentials are correct, you will be provided with a success message. If after multiple attempts you are not able to connect Microsoft Defender, reach out to support.