Integrating with Microsoft Defender for Endpoint

Introduction

Follow this article to integrate Blackpoint with Microsoft Defender for Endpoint. We've broken down the integration into four main steps:

1. Copy Primary Domain from Microsoft Azure Portal
2. Adding the Microsoft Defender for Endpoint integration in the Blackpoint Portal
3. Configuring the integration in the Blackpoint Add-ons Portal
4. Verifying your integration in SNAP-Defense

Prerequisites

• You must have access to a global administrator account for the Microsoft 365 tenant.

Instructions

Copy Primary Domain from the Azure Portal

1. Log into the Microsoft Azure Portal with a global administrator account.
2. Navigate to Azure Active Directory and copy the Primary Domain

Adding the Defender for Endpoint Integration in the Blackpoint Portal

1. In the Blackpoint Portal, navigate to Customers in the left-hand menu.
2. In the Customer List section, find the customer you are setting up the Defender for Endpoint integration for. Click the Manage button. You will be redirected to the Customer Details page. 
3. In the Integrations tab, click the + Add Integration button.
4. In the Add Integration pop-up, select Defender for Endpoint in the drop-down menu and click Next.

Configuring the integration in the Blackpoint Add-ons Portal

1. Input your customer's Microsoft Tenant Domain and click Add Domain

2. In the Microsoft pop-up window, sign in with the global administrator account and click Next.

3. Review the Blackpoint Cyber permissions and click Accept.

4. You will now see Defender for Endpoint integration Enabled. 

Verifying your integration in SNAP-Defense

1. In the Blackpoint Portal, click the SNAP-Defense icon.
2. In the Dashboard page, search for your customer and click the name to open it.
3. Click Collection in the left-hand menu and then on the Status tab at the top. In the Devices section, click the Package drop-down and select the PORTAL - MS_DEFENDER_FOR_ENDPOINT package