How to add Microsoft 365 Defender to vScope

Integrating Microsoft 365 Defender to vScope allows you to fetch any assets (eg. computers and applications) found in Microsoft 365 Defender portal. Any assets found in any additional data source will automatically be merged into one asset by vScope.

ℹ️ Integrate vScope with Azure

Please make sure that you have integrated vScope with Azure before continuing.

Add sufficient permissions

To collect information from Microsoft 365 Defender, you need to add various API permissions to vScope in Azure.

1. Go to App Registrations and select your vScope application, created in the step above

2. Go to API permissions >, + Add a permission

3. In the sidebar, select the APIs my organization uses and search for WindowsDefenderATP

4. Depending on your application, select Delegated permissions or Application permissions

5. Under AdvancedQuery, toggle AdvancedQuery.Read.All

6. Under Machine, toggle Machine.Read.All

7. Click Add Permissions

8. Ensure to click Grant admin consent for… button to commit changes

Configure integration in vScope

Head over to vScope, Discovery Manager > Credentials > Azure. Under Inventory Settings, make sure that Microsoft 365 Defender is enabled and that Endpoint (Computers & Mobile Devices) and Softwares (Applications) are enabled. Click on Test Credential to see if it’s working.

Hit Update to save your credential.

Run a Discovery

Select the Azure credential and click Rediscover. vScope will now collect and analyze assets from Microsoft 365 Defender and you will be able to create and browse content about your Microsoft 365 Defender portal.