# Microsoft Defender

Integrating Microsoft Defender requires the following Microsoft Entra ID information:

* **Tenant ID:** The existing Directory ID for the Entra customer.
* **Application ID:** A configured application Client ID for the Entra customer.
* **Client Secret:** A client secret configured on that application, used to authenticate content sharing between OneSite Patch and Entra.

## Create a Microsoft Entra Application

To integrate Microsoft Defender with OneSite Patch, begin by registering an application with Microsoft Entra ID and creating a service principal.

1. Sign in to your **entra.microsoft.com** account as an administrator.
2. Browse to **Identity > Applications > App registrations**, and then select **New registration**.

   ![](/files/frR8F8IvXV1SmOWk1xQx)
3. Enter the following details into the form:

   ![](/files/hZi4vhSiPdPWx8imf7iF)

   a. Enter a **Name** that identifies the Adaptiva integration.

   b. Select **Accounts in this organization directory only** under Supported account types.

   c. Skip both **Redirect URI** and **Service Tree ID**. If you must enter something for the **Redirect URI**, select **Web**.

4. Select **Register** to create the application.

## Add Permissions to an Entra Application

After [creating the new Entra application](#create-a-microsoft-entra-application), use the following steps to add the `Vulnerability.Read.All` permission from **App registrations**. Make sure you are signed in as an administrator.

1. Access the **API Permissions** workspace from the **App registrations** page:

   ![](/files/a1meY7fOjpvJSv4aMHV3)

   a. Select the **Name** of the newly created application on the **App registrations** page. This opens the application and a new list of menu options.

   b. Select **API permissions** on the left navigation menu, and then select **Add a Permission**.

   ![](/files/PafKXgHWJDZew9OR9vgC)

   This opens the **Request API Permissions** workspace.

   ![](/files/enRNHNuiNhaECZjJqM42)

2. Select **APIs my organization uses**, and then locate **WindowsDefenderATP** in the list.
3. Select **WindowsDefenderATP**, and then select **Application permissions**.

   ![](/files/2vVcw8HwLjKy1QJA8qVt)
4. Scroll down to and expand **Vulnerability**, and then select **Vulnerability.Read.All**.
5. Select **Add Permissions**. If prompted, follow the required steps to provide administrator consent to make the change.

## Create a Shared Secret ID

After creating an application and adding permissions, use the following steps to create a shared secret ID. The secret ID enables authentication between OneSite Patch and Defender for the application you created.

1. Select **Certificates & secrets** on the **Manage** menu for the open application.

   ![](/files/A4SKxRbiUpNJOG6SL7TI)
2. Select **Client secrets**.

   ![](/files/Gfd4rMaIP2KJNubR2wWM)
3. Select **+ New client secret**. This opens the **Add a client secret** dialog:

   ![](/files/BN4PKNELWQqraf4HKHLD)

   a. Enter a **Description** of the secret.

   b. Select an **Expires** timeline.

   c. Select **Add** to save your changes and return to the **Certificates & secrets** workspace.

   ![](/files/fUNiu5RJJHTNxqq6GWtA)

4. **Copy** and **save** the **Value** and **Secret ID** information.

   > **Important**
   >
   > The system does not save this information when you leave this window. Be sure to record these numbers and save them to an accessible location for later use.

## Locate and Record the Microsoft Entra IDs

1. Sign in to your entra.microsoft.com account as an administrator.
2. From the **Home** page, navigate to **Applications > App Registrations**, and then open the application you created for integration.

   ![](/files/a1meY7fOjpvJSv4aMHV3)
3. Select **Overview** on the left navigation of the application workspace, and then expand the **Essentials** section.

   ![](/files/W95hfzVvkrxUmgOZHtJ7)
4. Record the following identification information:
   * Client ID
   * Tenant ID (Directory (tenant) ID)
   * Secret ID
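
Before entering these values in OneSite Patch, the registration can be checked for least privilege. The following is an added example, not Adaptiva's or Microsoft's code: it requests an app-only token with the recorded values and audits its claims. The token endpoint, the Defender API scope, and the claim names `tid`, `appid`/`azp` and `roles` are assumptions about the Microsoft identity platform that do not appear on this page.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed (not from the page): Microsoft's v2.0 token endpoint and Defender API scope.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
DEFENDER_SCOPE = "https://api.securitycenter.microsoft.com/.default"
EXPECTED_ROLES = {"Vulnerability.Read.All"}  # the only permission the page grants


def request_token(tenant_id, client_id, client_secret):
    """Request an app-only token using the three recorded Entra values."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # the secret Value, not the Secret ID
        "scope": DEFENDER_SCOPE,
    }).encode()
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe=""))
    with urllib.request.urlopen(url, data=form, timeout=30) as resp:
        return json.load(resp)["access_token"]


def token_claims(jwt):
    """Decode the JWT payload for inspection only (signature not verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_claims(claims, tenant_id, client_id):
    """Return findings; an empty list means the grant matches the page."""
    findings = []
    roles = set(claims.get("roles", []))
    if claims.get("tid") != tenant_id:
        findings.append("token issued by a different tenant")
    if claims.get("appid", claims.get("azp")) != client_id:
        findings.append("token issued to a different application")
    for role in sorted(EXPECTED_ROLES - roles):
        findings.append("missing role (admin consent pending?): " + role)
    for role in sorted(roles - EXPECTED_ROLES):
        findings.append("extra role beyond least privilege: " + role)
    return findings


if __name__ == "__main__":
    constructed = {"tid": "T", "appid": "C", "roles": ["Vulnerability.Read.All", "Machine.ReadWrite.All"]}  # constructed sample, placeholder IDs
    print(audit_claims(constructed, "T", "C"))
```

Against a live tenant, call `audit_claims(token_claims(request_token(...)), tenant_id, client_id)` and pass the secret from a vault or environment variable rather than a literal in the script.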

## Integrate Defender with OneSite Patch

1. Select **Windows Defender Endpoint** on the left navigation menu of the OneSite Patch dashboard.

   ![](/files/olsuLRAmdU9PYIomg4Vq)

   This opens the Defender Access Settings workspace.

   ![](/files/j7SuW0lvrQ2QCkcbXwbD)
2. Enter the ID information gathered from [Microsoft Entra](#locate-and-record-the-microsoft-entra-ids), and then click **Save** on the upper left.

   ![](/files/MrSSlVdBJD8hYUdgiMNs)

## Metadata properties

These metadata properties can be used to filter patches when creating patch strategies.

| Property                         | Description                                                       |
| -------------------------------- | ----------------------------------------------------------------- |
| Defender.ExploitabilityLevel     | The exploitability level of this vulnerability                    |
| Defender.KnownExploitExists      | True if the vulnerability is public, verified or in a kit         |
| Defender.SecurityUpdateAvailable | Indicates whether a security update is available for the software |
| Defender.SeverityLevel           | Defender severity level of vulnerability                          |


