Skip to content
vScope Support Page

Windows Defender

Add API Permissions for Windows Defender

Section titled “Add API Permissions for Windows Defender”

vScope requires specific API permissions within Azure to access and inventory your Windows Defender data. Follow the steps below to grant these permissions:

  1. Click + Add a permission again.

    Azure portal showing the '+ Add a permission' button for app registration

  2. Select APIs my organization uses and search for WindowsDefenderATP.

    Azure adding permission for app registration for Windows Defender

  3. Under Application permissions, enable AdvancedQuery.Read.All in the AdvancedQuery section and Machine.Read.All in the Machine section, then click Add permissions.

    Request API permissions Azure Portal

  4. Click Grant admin consent to finalize permissions.

    Azure API permissions grant admin consent

Once these permissions are granted, vScope will be able to inventory your Windows Defender data through the Azure API.

Frequently Asked Questions

Section titled “Frequently Asked Questions”

Why am I seeing so much so many unknown devices in vScope when using Microsoft Defender as a data source?

Section titled “Why am I seeing so much so many unknown devices in vScope when using Microsoft Defender as a data source?”

Microsoft Defender’s Device Discovery helps reveal unmanaged devices, but it can also create extra network traffic, privacy concerns, and a lot of noise that IT teams must sort through. Misconfigurations may even lead to inaccurate visibility. When enabled, vScope will import these discovered devices, that often has incomplete information. Causing inflated counts of devices and inaccurate reports. In short: Device Discovery improves awareness but can disrupt vScope metrics unless carefully controlled and filtered.

To manage Defender Device Discovery, go to https://security.microsoft.com/. In the left-hand menu, navigate to System → Settings → Endpoints → General → Advanced features and scroll down to the toggle.