# Creating and Managing API Client in Microsoft Defender for Cloud Security (Beta)

The Microsoft Defender for Cloud Security Connector is in development and currently supports only compliance query functionality. It will be expanded with additional capabilities in the future.

## 1. Introduction

The Microsoft Defender for Cloud Security Provider uses OAuth 2.0 client credentials for authentication and requires a Client ID, Client Secret, Tenant ID, and Subscription ID.

## 2. Prerequisites

Before you begin, ensure you have:

- Access to the Microsoft Azure Portal
- Administrator privileges
- A Microsoft Defender for Cloud subscription
- Appropriate permissions to create an app registration in Azure Active Directory

## 3. Creating API Client

### Step 1: Access the Azure Portal

- Log in to your Azure Portal with administrative privileges.

### Step 2: Create an App Registration in Azure Active Directory

- Navigate to **Azure Active Directory** > **App registrations** > **New registration**
- Provide a name for your application
- Select the appropriate supported account types
- Click **Register**

### Step 3: Generate Client Secret

- In your newly created app registration, go to **Certificates & secrets**
- Click **New client secret**
- Provide a description and select an expiration period
- Click **Add**
- **Important**: Make sure to copy and securely store the generated secret value, as it will not be shown again

## 4. Configure the Integration

### Base URL

The Base URL for your Microsoft Defender environment. This is typically `https://management.azure.com`.

### Subscription ID

Your Azure subscription ID, which can be found in the Azure Portal under **Subscriptions**.

### Tenant ID

Your Azure Active Directory tenant ID, which can be found in the Azure Portal under **Azure Active Directory** > **Properties**.

### Client ID

The Application (client) ID of your app registration, found in the **Overview** section of your app registration.

### Client Secret

The secret value generated in Step 3 above.

## 5. Important Links in Microsoft Documentation

- [Microsoft Defender for Cloud documentation](https://docs.microsoft.com/en-us/azure/defender-for-cloud/)
- [Azure AD app registrations](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app)
- [Microsoft Graph API permissions](https://docs.microsoft.com/en-us/graph/permissions-reference)
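
The following is an added example, not code from the connector: a preflight check for the section 4 settings that also builds the OAuth 2.0 client credentials token request without sending it. The token endpoint URL, the `.default` scope, the function names and the sample values are assumptions that do not appear on this page.

```python
import re
from urllib.parse import urlencode, urlsplit

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumption: Microsoft identity platform v2.0 token endpoint (not named on this page).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def validate_config(cfg):
    """Return a list of problems found in the integration settings (empty if none)."""
    problems = []
    for key in ("tenant_id", "client_id", "subscription_id"):
        if not GUID_RE.match(cfg.get(key, "")):
            problems.append(f"{key} is not a GUID")
    base = urlsplit(cfg.get("base_url", ""))
    if base.scheme != "https" or not base.hostname:
        problems.append("base_url must be an https:// URL")
    secret = cfg.get("client_secret", "")
    if not secret:
        problems.append("client_secret is empty")
    elif GUID_RE.match(secret):
        # The portal lists a GUID-shaped Secret ID next to the secret value.
        problems.append("client_secret looks like the Secret ID, not the secret value")
    return problems

def build_token_request(cfg):
    """Build (url, form_body) for the client credentials grant; nothing is sent."""
    problems = validate_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    form = {
        "grant_type": "client_credentials",
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
        # Scope the token to the API host configured as Base URL.
        "scope": f"https://{urlsplit(cfg['base_url']).hostname}/.default",
    }
    return TOKEN_URL.format(tenant=cfg["tenant_id"]), urlencode(form)

def redact(form_body):
    """Mask the secret so the request body can be logged safely."""
    return re.sub(r"(client_secret=)[^&]*", r"\1***", form_body)

# Constructed sample values, not real identifiers.
SAMPLE = {
    "base_url": "https://management.azure.com",
    "tenant_id": "11111111-1111-1111-1111-111111111111",
    "client_id": "22222222-2222-2222-2222-222222222222",
    "subscription_id": "33333333-3333-3333-3333-333333333333",
    "client_secret": "constructed-secret-value",
}
```

Log only the output of `redact()`, never the raw form body, since the body carries the client secret in clear text.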