Microsoft Defender and Entra

The setup for Microsoft Defender and Microsoft Entra are the same. The Microsoft Defender integration will ingest Endpoint Event data and Alert data into the Nebulock platform, while the Microsoft Entra integration will ingest IAM data (authentication logs, activity logs) into Nebulock.

1. In your Microsoft Azure portal, find and copy your Tenant ID - this is located in the Overview page for your Microsoft Entra ID.

   

2. Navigate to the following URL, replacing TENANT_ID with your Tenant ID from the previous step. Review the required permissions before clicking "Accept".
   https://login.microsoftonline.com/TENANT_ID/adminconsent?client_id=c2a9de78-2601-4f5b-bbdf-d5820f445f7d

   

3. In the Nebulock platform, go to Integrations and click Add Integration.

   

4. From the list of Providers, select either Microsoft Defender or Microsoft Entra, depending on which you are configuring. The settings for both are the same, simply paste your Tenant ID into the text box.