Category: Microsoft Defender

Automating vulnerability reports with Microsoft Defender – Part 2

In Part 1 of this series we brainstormed an idea for an app that would generate automated vulnerability reports using the Microsoft Defender for Endpoint API and email those recommendations directly to our end-users. We created the app registration in Azure AD, granted it the appropriate permissions to query the various Microsoft APIs, and finally scoped those application permissions so that our app could only send mail on behalf of a specific shared mailbox. With all of that supporting infrastructure sorted we can finally get started writing the script…

Automating vulnerability reports with Microsoft Defender – Part 1

Microsoft Defender for Endpoint has built-in functionality that allows you to configure email notifications to alert your security team when vulnerable software is detected on your users’ devices. You can configure these rules based on the severity of the vulnerability and the groups the device belongs to, and even have it notify you when a public exploit is released following the initial disclosure. This is great, but there are cases where you may need more control over the reporting process…