Microsoft Defender Integration

The Microsoft Defender for Endpoint integration allows Timus Manager to collect real-time security telemetry from Defender-protected devices across your organization. This data is used to enforce Device Posture Checks—ensuring that only healthy, compliant devices are granted access under your Zero Trust policies.

What This Integration Enables

  • Sync device posture signals from Microsoft Defender for Endpoint
  • Enforce Device Posture Checks using Defender-sourced attributes
  • Ensure policy compliance based on real-time endpoint protection data
  • Strengthen Zero Trust enforcement with Microsoft-backed threat intelligence

After successful setup, Microsoft Defender will appear as a selectable Data Source in Device Posture Check policies.


Prerequisites

To integrate Microsoft Defender with Timus, you must have:

  • A valid Microsoft 365 Business Premium subscription
  • Access to Azure Active Directory (Entra ID)
  • Microsoft Defender for Endpoint deployed and active on target devices

Learn how to deploy Defender to endpoints: Microsoft Defender Deployment Strategy

Register an Application in Microsoft Entra ID

  1. Sign in to the Microsoft Entra Admin Center
  2. Navigate to Identity → Applications → App registrations
  3. Click + New registration
  4. Enter a Name and select the appropriate Supported account types
  5. Click Register

After registration, take note of:

  • Client ID
  • Tenant ID

Create a Client Secret

  1. In the app registration screen, navigate to Certificates & secrets
  2. Click + New client secret
  3. Add a description and set an expiry period
  4. Click Add
  5. Copy the generated Client Secret — it is displayed only once

Assign API Permissions

  1. In the same app registration, go to API Permissions
  2. Click + Add a permission
  3. Select APIs my organization uses
  4. Search for WindowsDefenderATP
  5. Choose Application permissions
  6. Under Machine, select Machine.Read.All
  7. Click Add permissions
  8. Click Grant admin consent for your tenant

These permissions authorize Timus to access device health data via the Defender for Endpoint API.
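
One way to confirm the registration before entering the credentials in Timus Manager, as an added example (not Timus or Microsoft code): decode an access token issued to the app through the OAuth 2.0 client-credentials flow and check that its roles claim holds only Machine.Read.All and that tid and appid/azp match the IDs you noted. The sample tokens and GUID placeholders are constructed, and the signature is not verified because the token is only inspected here, not trusted.

```python
import base64
import json

REQUIRED_ROLE = "Machine.Read.All"  # the only permission this page grants


def decode_claims(access_token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(access_token: str, tenant_id: str, client_id: str) -> list:
    """Return findings; an empty list means the token matches the setup above."""
    claims = decode_claims(access_token)
    findings = []
    roles = set(claims.get("roles", []))
    if REQUIRED_ROLE not in roles:
        findings.append(f"missing {REQUIRED_ROLE}: permission not added or admin consent not granted")
    for extra in sorted(roles - {REQUIRED_ROLE}):
        findings.append(f"extra application permission beyond read-only scope: {extra}")
    if claims.get("tid") != tenant_id:
        findings.append("tid claim does not match the Tenant ID you recorded")
    # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'
    if client_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("appid/azp claim does not match the Client ID you recorded")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT-shaped string for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    TENANT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
    CLIENT = "00000000-0000-0000-0000-000000000002"  # constructed placeholder
    good = make_sample_token({"tid": TENANT, "appid": CLIENT, "roles": ["Machine.Read.All"]})
    wide = make_sample_token({"tid": TENANT, "appid": CLIENT,
                              "roles": ["Machine.Read.All", "Machine.ReadWrite.All"]})
    print(audit_token(good, TENANT, CLIENT))  # no findings
    print(audit_token(wide, TENANT, CLIENT))  # flags the write permission
```

A finding about an extra permission means the registration is broader than the read-only access described under Security & Data Handling; remove the extra permission in API Permissions before saving the secret in Timus.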

Configure the Integration in Timus Manager

  1. Navigate to Settings → Integrations
  2. Click ⚙️ → Manage on the Microsoft Defender card
  3. Enter the following values:
    • Tenant ID
    • Client ID
    • Client Secret
  4. Click Save

Timus will validate the credentials and initiate secure API communication.

Verify the Integration

After setup:

  • Navigate to Zero Trust Security → Device Posture Checks
  • Create or edit a posture check
  • In the Data Source dropdown, select Microsoft Defender

Disable the Integration

To turn off the integration:

  1. Go to Settings → Integrations
  2. Click ⚙️ → Disable on the Microsoft Defender card

Disabling the integration will:

  • Stop real-time data sync from Microsoft Defender
  • Remove Microsoft Defender from the Data Source dropdown
  • Retain existing posture data for audit and compliance visibility

🔐 Security & Data Handling

  • All API communication is authorized with OAuth 2.0 and encrypted in transit over HTTPS
  • Your Tenant ID, Client ID, and Client Secret are stored encrypted within Timus
  • Timus operates with read-only access; it cannot modify configurations in Defender
  • Access tokens can be revoked at any time from the Entra Admin Center
  • All retrieved data is processed in accordance with your organization's privacy and security policies
