## Introduction

Microsoft Defender for Office 365 is a cloud based email security product. This guide walks you through the steps to gather the necessary information and configure your Microsoft tenant for the purpose of creating a Microsoft Defender for Office 365 integration with Synqly's Email Security connector.

## Prerequisites

Due to restrictions on access to the Microsoft APIs, **a Microsoft Defender for Office 365 Plan 2 is required to use Microsoft Defender for Office 365 as an Email Security provider**.

Before you begin, ensure that you have:

- Access to the Microsoft Entra admin center with either the Application Developer role or other permissions that allow for the creation of an app registration
- Microsoft Defender for Office 365 Plan 2 license(s) or Microsoft license(s) that include Microsoft Defender for Office 365 Plan 2
- Knowledge of your compliance and data residency needs regarding your Microsoft tenant


## Required Application Permissions

| Application Permission | Purpose |
|  --- | --- |
| `ThreatHunting.Read.All` | Retrieve threats, threat details, and events |


## Generating API Credentials

1. Log into the Microsoft Entra admin center with an account that either has the Application Developer role or other permissions that allow for the creation of an app registration
2. Select **Entra ID > App registrations** from the sidebar on the left
3. Select the **New registration** button
4. Fill in the field titled *Name*
5. For the field titled *Supported account types* select either the **Single tenant only** or **Multiple Entra ID tenants** option
  - Note: If unsure about which option to select, select the **Single tenant only** option.
 For more information about the differences between single tenant and multi tenant applications, see the [Microsoft Entra Tenancy in Microsoft Entra ID docs](https://learn.microsoft.com/en-us/entra/identity-platform/single-and-multi-tenant-apps)
6. Select the **Register** button
7. Take note of the *Application (client) ID* and *Directory (tenant) ID* values. Store them in a safe location
8. Select **API permissions**
9. Select **Add a permission > Microsoft Graph > Application permissions**
10. In the field titled *Select permissions*, search for and add all of the required permissions. The required permissions can be found in the section above titled [Required Application Permissions](#required-application-permissions)
11. Select **Add permissions**
12. Select **Grant admin consent > Yes**
13. Select **Certificates & secrets**
14. If not already highlighted select **Client secrets** then **New client secret**
15. Fill in the fields titled *Description* and *Expires*
16. Select **Add**
17. Take note of the *Value* and store it in a safe location
18. You have now registered a new Entra application and gathered all the information necessary to configure the integration. Proceed to the next section titled [Configuring the Integration](#configuring-the-integration)


For more information on creating and managing Microsoft Entra ID app registrations for Microsoft Defender for Office 365, see the [Create an app to access Microsoft Defender XDR without a user docs page](https://learn.microsoft.com/en-us/defender-xdr/api-create-app-web)

## Configuring the Integration

| Integration Parameter | Description |
|  --- | --- |
| Client ID | This is the Application (client) ID value gathered from the *Overview* page when creating the Microsoft Entra app registration |
| Client Secret | This is the value gathered from the *Certificates & secrets* page when creating the Microsoft Entra app registration |
| Tenant ID | This is the Directory (tenant) ID value gathered from the *Overview* page when creating the Microsoft Entra app registration |
| Region | This is the Microsoft region that will process the API traffic and is typically used for compliance and data residency needs. By default, Synqly Defender For Office 365 integrations use the global Microsoft region for all requests |