Administration Guide

Integration with Microsoft ATP


1. Configure Azure

1.1 Configure the permissions

For the Application registration stage, you must have a Global administrator role in your Azure Active Directory (Azure AD) tenant.

1.2 Create an App in Microsoft

For information about creating an app in Azure Active Directory, see Microsoft Defender for Endpoint API - Hello World.

2. Onboard devices on Microsoft 365 Defender

2.1 Verify the tenant IDs are identical

  1. Log in to Microsoft 365 Defender (https://security.microsoft.com/) with your Azure account.
  2. Ensure the Tenant IDs in Azure and Microsoft 365 Defender are identical.
    • To view the Tenant ID in Azure, go to Azure Home > Azure Active Directory > Properties.

    • To view the Tenant ID in Microsoft 365 Defender, go to Settings > Microsoft 365 Defender > Account.

2.2 Onboard devices in Defender

  1. In Microsoft Defender, go to Settings > Endpoints > Device management > Onboarding.
  2. Onboard the endpoints you want to manage.

3. Configure FortiDeceptor

  1. In FortiDeceptor, go to Fabric > Quarantine Integration and click Quarantine Integration With New Device.

  2. Configure the integration settings and click Save.

    Integrate Method    Select Microsoft-ATP.
    Server URL          Enter the URL of the API: https://api.securitycenter.microsoft.com.
    Client ID           Enter the Azure Client ID.
    Client Secret       Enter the Azure Client Secret.
    Tenant ID           Enter the Azure Tenant ID.

  3. Verify the device status is Ready.
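
An added pre-flight check, not part of the Fortinet guide or of FortiDeceptor: it validates the values entered in step 2 of section 3 and confirms that an access token issued to the app registration carries the same Tenant ID verified in section 2. The Azure AD v1 token endpoint with a "resource" parameter, the "tid" and "aud" claim checks, all function names, and the sample identifiers are assumptions or constructed for illustration.

```python
import base64
import json
import uuid

DEFENDER_API = "https://api.securitycenter.microsoft.com"  # Server URL field on this page

def token_request(tenant_id, client_id, client_secret):
    """Build (not send) an Azure AD client-credentials token request.
    Assumption: the v1 token endpoint with a 'resource' parameter is used."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    form = {"grant_type": "client_credentials", "resource": DEFENDER_API,
            "client_id": client_id, "client_secret": client_secret}
    return url, form

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(settings, access_token):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for field in ("tenant_id", "client_id"):
        try:
            uuid.UUID(settings[field])
        except ValueError:
            problems.append(f"{field} is not a GUID")
    if settings["server_url"].rstrip("/") != DEFENDER_API:
        problems.append("server_url is not the Defender API URL")
    claims = jwt_claims(access_token)
    if str(claims.get("tid", "")).lower() != settings["tenant_id"].lower():
        problems.append("token 'tid' differs from the configured Tenant ID")
    if str(claims.get("aud", "")).rstrip("/") != DEFENDER_API:
        problems.append("token 'aud' is not the Defender API")
    return problems

def sample_token(claims):
    """Constructed, unsigned token for offline demonstration only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample values (not real identifiers).
SETTINGS = {"server_url": DEFENDER_API,
            "tenant_id": "11111111-2222-3333-4444-555555555555",
            "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}
GOOD = sample_token({"tid": SETTINGS["tenant_id"], "aud": DEFENDER_API})
OTHER_TENANT = sample_token({"tid": "99999999-0000-0000-0000-000000000000", "aud": DEFENDER_API})
```

The check never prints or stores the Client Secret; keep it out of shell history and logs when obtaining a real token to inspect.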