Rapid7 Insight Defender ATP

I’ve been trying to connect the Azure app registration for Defender ATP to Rapid7 for a few days and have read numerous articles that keep pointing to using an app registration in Azure… however, we’re not getting any data. Has anyone RECENTLY gotten this to work? I’m finding articles from 2022-2023, so they’re outdated. Most point to using certain API Permissions inside the Application… of which none have worked.

Hi @jscharfenberg, we actually recommend using the Azure Event Hub event source, which I see you have configured and working, to send these ATP events through. See this step here that mentions Defender for Endpoint:
https://docs.rapid7.com/insightidr/microsoft-azure/#to-configure-microsoft-defender-for-endpoint

David