Cross tenant Defender API to PowerBI

Berghegen, Nick 20 Reputation points
2023-10-11T12:48:09.5433333+00:00

Hi,

As the title says, I am looking for a way to combine MS Defender API information from multiple tenants into 1 PowerBI table.

I can query this with my user account for 1 tenant but I want to query it for multiple tenants in 1 click.

Can someone advise me how to approach this? Maybe by using a service principal or multi-tenant Azure app?

Thanks in advance!

Nick

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.

Accepted answer
  1. Shweta Mathur 28,021 Reputation points Microsoft Employee
    2023-10-12T05:57:59.2+00:00

    Hi @Berghegen, Nick ,

    Thanks for reaching out.

    I understand you are looking to combine data from multiple tenants in Microsoft 365 Defender to manage in one place for security reasons.

    You can register an application in Microsoft Entra as a multi-tenant application and call the Microsoft Defender API in each tenant to collect data from each of the tenants and report that to a Power BI table as well. However, combining Microsoft Defender API information from multiple tenants into a single Power BI table can be a complex task, as it involves integrating data from various sources and dealing with authentication issues.

    Alternatively, Microsoft 365 Defender lets you directly use "multi-tenant management in Microsoft 365 Defender", which allows a unified view of all the tenants you manage and helps to streamline threats due to security reasons in a single window.

    Reference - https://learn.microsoft.com/en-us/microsoft-365/security/defender/mto-overview?view=o365-worldwide

    Set up multi-tenant management - https://learn.microsoft.com/en-us/microsoft-365/security/defender/mto-requirements?view=o365-worldwide

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
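The multi-tenant app approach from the accepted answer, sketched as an added example (not part of the original thread and not Microsoft's code). It assumes the Microsoft 365 Defender incidents endpoint, an app that has been admin-consented in every tenant, and OData-style pages with `value` and an optional `@odata.nextLink`; the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"
API = "https://api.security.microsoft.com"  # Microsoft 365 Defender API host


def http_json(url, data=None, headers=None):
    """Minimal HTTP helper: POSTs form data when given, otherwise GETs."""
    body = urllib.parse.urlencode(data).encode() if data else None
    req = urllib.request.Request(url, data=body, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def get_token(tenant_id, client_id, client_secret, http=http_json):
    """Client-credentials token, requested from this tenant's own authority."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": f"{API}/.default"}
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    return http(url, data=form)["access_token"]


def fetch_incidents(token, http=http_json):
    """Follow @odata.nextLink (assumed paging format) until no page is left."""
    url, rows = f"{API}/api/incidents", []
    while url:
        page = http(url, headers={"Authorization": f"Bearer {token}"})
        rows.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return rows


def collect(tenants, client_id, client_secret, http=http_json):
    """Return (rows, errors); every row carries the tenantId it came from."""
    rows, errors = [], {}
    for tenant_id in tenants:
        try:
            token = get_token(tenant_id, client_id, client_secret, http)
            for item in fetch_incidents(token, http):
                rows.append({"tenantId": tenant_id, **item})
        except Exception as exc:  # e.g. the app was never consented there
            errors[tenant_id] = str(exc)  # keep going with the other tenants
    return rows, errors
```

Load the client secret from a vault or environment variable rather than the script or the Power BI file, since that one credential reads security data in every consenting tenant. The `tenantId` column is what lets a single Power BI table be filtered per tenant.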
