# Enable SIEM integration in Microsoft Defender ATP This procedure is only necessary if the Windows Defender SIEM Connector has not previously been activated. If the Windows Defender SIEM Connector has already been activated, proceed to the next section. To activate the Windows Defender SIEM Connector: 1. Follow steps 1 and 2 of the procedure described at [ https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration)[atp/enable-siem-integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration) 2\. Save the Client ID and Client secret for later use; they will be needed in a subsequent procedure. **Note:** the Client secret is displayed only once. Do not leave the SIEM Settings page without saving the Client secret. ### --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.blusapphire.io/log-forwarding/03_log-forwarding-guide/cloud-log-forwarding/azure-microsoft/microsoft-defender-atp/enable-siem-integration-in-microsoft-defender-atp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.