IoT Security Integration Guide
  • IoT Security Integration Guide
  • IoT Security Documentation
  • All Documentation
>
Set up Microsoft Defender XDR for Integration
Focus
Download PDF
Focus
  1. Home
  2. IoT Security
  3. Endpoint Protection
  4. Integrate IoT Security with Microsoft Defender XDR
  5. Set up Microsoft Defender XDR for Integration
Download PDF
IoT Security

Set up Microsoft Defender XDR for Integration

Table of Contents

Set up Microsoft Defender XDR for Integration

Set up Microsoft Defender XDR for integration with IoT Security through Cortex XSOAR.
Where Can I Use This?What Do I Need?
  • IoT Security (Managed by IoT Security)
  • IoT Security subscription for an advanced IoT Security product (Enterprise Plus, Industrial OT, or Medical)
One of the following Cortex XSOAR setups:
  • An IoT Security Third-party Integration Add-on license that includes a cohosted, limited-featured Cortex XSOAR instance
  • A full-featured Cortex XSOAR server
To prepare Microsoft Defender XDR for integration with IoT Security, you need a Microsoft Defender XDR license.
  1. Log in to your Microsoft Azure portal with an account that has the Global Administrator role.
  2. Navigate to Microsoft Entra IDManageApp registrations.
  3. Click on New registration to register a new application.
  4. Configure the new application.
    Configure the following settings:
    • Name: Enter a name for the application.
    • Supported account types: Select Accounts in this organizational directory only.
  5. Register the application.
    After registering the application, you're redirected to the application overview page.
  6. From the application overview page, copy the Application (client) ID and the Directory (tenant) ID to a secure location.
    You will need the client and tenant IDs later to configure the integration instance on Cortex XSOAR.
  7. Obtain a client secret.
    1. From the application overview page, navigate to ManageCertificates & secrets.
    2. Click on + New client secret to bring up the Add a client secret side view.
    3. In the Add a client secret side view, configure the following settings:
      • Description: Enter a description to help identify the client secret.
      • Expires: Choose an expiration period for the secret, after which time you would need to renew the secret to continue using the Microsoft API.
    4. Add the new client secret.
    5. Copy the client secret Value and Secret ID to a secure location.
      You will need the Secret ID later to configure the integration instance on Cortex XSOAR.
  8. Configure API permissions.
    1. Navigate to ManageAPI permissions.
    2. Click on + Add a permission to bring up the Request API permissions side view.
    3. Select APIs my organization uses.
    4. Search for WindowsDefenderATP and select WindowsDefenderATP.
      This brings up the view to select the WindowsDefenderATP permissions.
    5. Select Application permissions, and search and select the following permissions:
      • Machine.Read.All
      • Vulnerability.Read.All
    6. Add permissions.
    7. If the Status of the new API permissions is “Not granted...,” then Grant admin consent.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.

xThanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application.