# Creating and Managing API Client in the Azure Active Directory App Registration Console

## 1. Introduction

In order to connect to a Defender API, an Azure Active Directory application must exist on Azure. Please see the steps for [Creating an app to access Microsoft Defender for Endpoint without a user](https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-create-app-webapp).

## 2. Prerequisites

Before you begin, ensure you have:

- Created an Active Directory Application

## 3. Creating API Client Secret

### Step 1: Access the App registration

- Log in to your Azure Console instance with administrative privileges.
- Click **Certificates & secrets**, add a description, and select **Add**.
- Keep the Secret value that appears; you will not be able to see it at any other time.

### Step 2: API Permissions

In order to query for data from the MS Defender API, you must enable the proper permissions.

- Click **Manage > API permissions**
- Add the following permissions
  - Microsoft Threat Protection
    - Incident.Read
    - Incident.Read.All
  - WindowsDefenderATP
    - AdvancedQuery.Read.All
    - Alert.Read.All
    - Machine.Isolate
    - Machine.Read.All
    - Score.Read.All
    - Software.Read.All
  - Application Insights API
    - Data.Read
  - Azure Service Management
    - user_impersonation
  - Microsoft.Graph
    - Application.Read.All
    - Device.Read.All
- Make sure to **Grant admin consent**

## 4. Configure the Integration

Create your integration by supplying all of the required values below:

**URL**

The Base Endpoint URL for your App Registration. See https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-list for help finding the correct API Endpoint URL. For example, `https://api-us3.securitycenter.microsoft.com` (without "/api/")

**ClientId**

This is the Client Id gathered in step 3

**ClientSecret**

This is the Client Secret gathered in step 3

**TenantId**

This is the value in the App Registration Console and was gathered in step 3

## 5. Important Links in Defender's Documentation

- [Create an App to access MS Defender](https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-create-app-webapp)
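The following is an added example, not code from this page or from Microsoft. It is a pre-flight check for the values configured in sections 3 and 4: it reads the `roles` claim of an app-only access token to confirm that the WindowsDefenderATP permissions from Step 2 were actually granted, and it checks that the URL field has no "/api/" path. The function names and the sample token are assumptions constructed for illustration, and the token is decoded for inspection only, with no signature verification.

```python
import base64
import json
from urllib.parse import urlsplit

# WindowsDefenderATP permissions listed in Step 2 of this page.
REQUIRED_ROLES = {
    "AdvancedQuery.Read.All", "Alert.Read.All", "Machine.Isolate",
    "Machine.Read.All", "Score.Read.All", "Software.Read.All",
}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(token: str, required=REQUIRED_ROLES) -> set:
    """Return required permissions absent from the token's 'roles' claim."""
    granted = jwt_claims(token).get("roles", [])  # absent when consent is missing
    return set(required) - set(granted)


def check_base_url(url: str) -> list:
    """Return problems with the integration's URL field (empty list = OK)."""
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("missing host")
    if parts.path.strip("/"):
        problems.append('remove the path, e.g. "/api/"')
    return problems


def constructed_token(roles: list) -> str:
    """Build an unsigned sample token (constructed data, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc({"roles": roles})}.sig'


if __name__ == "__main__":
    token = constructed_token(["Alert.Read.All", "Machine.Read.All"])
    print("missing permissions:", sorted(missing_roles(token)))
    print("URL problems:", check_base_url("https://api-us3.securitycenter.microsoft.com/api/"))
```

An empty result from `missing_roles` means every listed WindowsDefenderATP permission is present in the token; anything it returns points to a permission that was not added or not admin-consented.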