Enable SIEM integration in Microsoft Defender ATP

This procedure is only necessary if the Windows Defender SIEM Connector has not previously been activated. If the Windows Defender SIEM Connector has already been activated, proceed to the next section.

To activate the Windows Defender SIEM Connector:

Follow steps 1 and 2 of the procedure described at

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration

2. Save the Client ID and Client secret for later use; they will be needed in a subsequent procedure. Note: the Client secret is displayed only once. Do not leave the

SIEM Settings page without saving the Client secret.

PreviousMicrosoft Defender ATP NextAssign permissions to the WindowsDefenderATPSiemConnector application

Last updated 13 days ago