Microsoft 365 / Microsoft Defender

The Dropzone AI platform integrates with Entra ID, Exchange Online, and Microsoft Defender via the Microsoft Graph API. This document describes how to set up API credentials and install them into the Dropzone platform.

Integrations Overview

To enable these integrations, you must perform the following actions:

  • Register a new application in Microsoft Entra Admin Center

  • Locate your Client ID and Tenant ID, and create a Client Secret

  • Enable Dropzone Certificate Credentials

  • Assign necessary API permissions to the application

See the Microsoft 365 Data Source page for instructions on how to complete these actions.

Enable Microsoft 365/Microsoft Defender

The Remediator integration allows Dropzone to initiate Containment Actions during investigations. See the Remediator documentation for more information.

To enable the Remediator integration, you'll need the following information:

Dropzone Field    Source
--------------    ------------------------------------------------
Client ID         The "Application (client) ID" you copied earlier
Tenant ID         The "Directory (tenant) ID" you copied earlier
Client Secret     The client secret "value" you copied earlier

To enable the Remediator integration, do the following:

  • Navigate to your Dropzone AI tenant home page, e.g. https://mycompany.dropzone.app

  • In the bottom-left corner, navigate to Settings > Integrations

Integrations Dropdown
  • Click "Available" (or, if already integrated, click "Connected")

Click Available
  • In the Search bar, search for "MS 365/Defender", then click "Configure"

The Microsoft 365/Defender Source Tile
  • Under the Remediator heading, input the Client ID, Tenant ID, and Client Secret

  • In the "Available Containment Actions" section, check the Containment Actions you wish to enable Dropzone to perform

Configure the Remediator Integration
  • Click "Test & Save" to finish

If you encounter any errors, engage your Dropzone AI support representative.
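A pre-flight check for the three Remediator fields, as an added example (not Dropzone's own code). It assumes the integration authenticates with the standard Entra ID OAuth 2.0 client-credentials flow for Microsoft Graph. The function names and sample values are constructed for illustration, and the "Secret ID" check is a heuristic based on the Secret ID being a GUID while the secret value is not.

```python
import re
from urllib.parse import urlencode

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def preflight(client_id, tenant_id, client_secret):
    """Return a list of problems found in the values about to be pasted."""
    problems = []
    for name, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
        if not GUID_RE.match(value.strip()):
            problems.append(f"{name}: not a GUID")
    if client_id.strip().lower() == tenant_id.strip().lower():
        problems.append("Client ID and Tenant ID are identical")
    secret = client_secret.strip()
    if client_secret != secret:
        problems.append("Client Secret: leading or trailing whitespace")
    if not secret:
        problems.append("Client Secret: empty")
    elif GUID_RE.match(secret):
        # The portal shows a "Secret ID" (a GUID) next to the secret "Value".
        problems.append("Client Secret: looks like the Secret ID, not the value")
    return problems


def token_request(client_id, tenant_id, client_secret):
    """Build (url, form body) for a client-credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, body


# Constructed sample values, not real credentials.
SAMPLE_CLIENT = "11111111-2222-3333-4444-555555555555"
SAMPLE_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_SECRET = "constructed-secret-value-not-real"

if __name__ == "__main__":
    print(preflight(SAMPLE_CLIENT, SAMPLE_TENANT, SAMPLE_SECRET) or "fields look OK")
    print(token_request(SAMPLE_CLIENT, SAMPLE_TENANT, "<redacted>")[0])
```

Posting the form body to the returned URL and receiving an access token confirms the credentials independently of the Dropzone UI; keep the secret out of shell history and logs when doing so.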
