> ## Documentation Index
> Fetch the complete documentation index at: https://docs.refold.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Setup

> Connect to your Microsoft Defender app for OAuth.

To setup your Microsoft Defender app in Refold for OAuth, you will need the following credentials from your [Microsoft Azure account](https://azure.microsoft.com/en-gb/):

* Client ID
* Client Secret
* Tenant ID
* Scopes

### Pre-requisites

1. Microsoft Azure Account. You can create one [here](https://azure.microsoft.com/en-gb/).

### Required Settings

* **Mandatory Scopes**

1. User.Read

<Info>If you haven't already created an app in Microsoft Azure, you'd need to create one.</Info>

### Creating an app in Microsoft Azure

To create a Microsoft Defender app and acquire the above mentioned credentials, please follow the steps mentioned below:

1. Log in to your [Microsoft Azure account](https://azure.microsoft.com/en-gb/).
2. Search for **Microsoft Entra ID** and select it from **Services** in the top search bar.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Ms365/ms365_navigation.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=15504278a7f8cda14af4d9d3c861b1df" alt="Navigation for App setup" data-path="images/Ms365/ms365_navigation.png" />

3. Navigate to `Overview` in the side menu > Click on `+Add` > Select `App Registration`.
4. Enter the App **Name** for your application and select `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)` under **Supported Account Types**.
5. Go to your [`Apps catalog`](https://app.gocobalt.io/apps) in **Refold** > Search for `Microsoft Defender` > `Settings` > `Use your credentials` > `Callback Url` > Copy it.
6. Under the **Redirect URI** section, select **Platform** as `Web`, paste the **Callback Url** as the URL and click `Register`.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Msonedrive/onedrive_register.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=075eb7aeca608b7475ea44561e4c0a7b" alt="App Registration" data-path="images/Msonedrive/onedrive_register.png" />

<Info>
  If you already have an app created, then follows these steps to add Redirect URL:

  Select your Application > Select **Authentication** in side menu > Under **Platform configurations**, press the  **Add a platform** button > Select **Web** > Paste the Callback Url > Click on **Configure** > Click **Save** button at the bottom.
</Info>

7. Navigate to `Manage` > `API permissions` in the side menu > Click on `+ Add a permission`.
8. Choose the `Microsoft Graph` card under **Microsoft APIs** > Choose `Application permissions` > Select the **mandatory scope** > click on the `Add Permissions` button.
9. For Defender specific scopes, navigate to `APIs my organization uses` tab > Search for `WindowsDefenderATP` and choose the required scopes from `Delegated permissions`.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Msdefender/defender_config.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=08b49a3b637b6ed8bf80808db40d0ef6" alt="Setting up Defender Developer app" data-path="images/Msdefender/defender_config.png" />

10. Navigate to `Certificates and Secrets` in the side menu and under **Client Secrets** tab, press the `+ New client secret` button. Give a **Description**, select the best expiry for your application and click `Add` to create your credentials.
11. Copy the displayed **Client Secret** under the `Value` column.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Msdefender/defender_credentials.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=0f75eb1915c56c9946f882fdedeffb12" alt="Getting Client Secret" data-path="images/Msdefender/defender_credentials.png" />

11. Navigate to `Overview` in the side menu > `Essentials` tab > Copy the **Client ID** under `Application (client) ID` and **Tenant ID** under `Directory (tenant) ID`.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Msdefender/defender_id.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=e951675b6d26991c622baf68b4373e9d" alt="Getting Client and Tenant ID" data-path="images/Msdefender/defender_id.png" />

#### Configuring credentials in Refold

App settings page lets you configure the authentication settings for an `OAuth 2.0` based application. For your customers to provide you authorization to access their data,
they would first need to install your application. This page lets you set up your application credentials.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Msdefender/defender_cobalt.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=1dd1cc86b6197e73ba9802cdf44d0e3e" alt="Setting up application client credentials" data-path="images/Msdefender/defender_cobalt.png" />

Provide the acquired Client ID and Client Secret under Settings of the app and save it.

#### Configuring Scopes

Refold lets you configure what permissions to ask from your users while they install your application. The scopes can be added or removed from the App settings page, under `Permissions & Scopes`
section.

For some applications Refold sets **mandatory scopes** which cannot be removed. Additional scopes can be selected from the drop down. Refold also has the provision to add any
custom scopes supported by the respective platform.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Msdefender/defender_scopes.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=af233c912830661b986243a28a6bc635" alt="OAuth Scopes" data-path="images/Msdefender/defender_scopes.png" />

Once the scopes has been added to the application in Refold, go to your [Microsoft Azure account](https://azure.microsoft.com/en-gb/) and update the scopes as added on Refold.

Select the OAuth App created for Refold and follow **Step 8** and **9** [above](https://docs.gocobalt.io/resources/integration-providers/msdefender#creating-an-app-in-microsoft-azure).

<Warning>
  If you are facing scopes missing or invalid scope error. Make sure you are not passing any custom scope not supported by the platform. And, the scopes selected here are
  identical to the ones selected in the platform.
</Warning>

#### Actions and triggers

Once the above setup is completed, you can create orchestrations of your use-cases using Microsoft Defender actions and triggers. Following are the set of Microsoft Defender actions and triggers
supported by Refold.

<Tabs>
  <Tab title="Actions">
    <AccordionGroup>
      <Accordion title="Alert">
        1. **List Alerts** - Get all alerts in Microsoft Defender.
        2. **Create Alert** - Create an alert in your Microsoft Defender.
        3. **Update Alert** - Update an alert in your Microsoft Defender.
      </Accordion>

      <Accordion title="Machines">
        4. **List Machines** - Get all machines in Microsoft Defender.
        5. **Update Machine** - Update a machine in Microsoft Defender.
      </Accordion>

      <Accordion title="Software">
        6. **List Softwares** - List all softwares in Microsoft Defender.
        7. **List Machines By Software** - List machines by software ID in Microsoft Defender.
      </Accordion>

      <Accordion title="Vulnerabilities">
        8. **Get All Vulnerabilities** - Get all vulnerabilities in Microsoft Defender.
        9. **Get Vulnerability By ID** - Get a vulnerability by ID in Microsoft Defender.
        10. **List Vulnerabilities By Machine** - Get all vulnerabilities by machine in Microsoft Defender.
        11. **Get Vulnerabilities By Software** - Get all vulnerabilities by Software in Microsoft Defender.
      </Accordion>

      <Accordion title="Others">
        12. **HTTP Request** - Make HTTP API calls to any Microsoft Defender documented REST APIs.
      </Accordion>
    </AccordionGroup>
  </Tab>

  <Tab title="Triggers">
    There are no triggers in this application.
  </Tab>
</Tabs>