Install and Configure

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute read
  • Install and configure the Microsoft Defender integration from the ServiceNow® Store to control how incidents are retrieved, processed, and converted into security incidents within Security Incident Response (SIR).

    Before you begin

    Role required: sn_si.admin, sn_si.ingestion_profile_admin

    Note:
    Users with the sn_si.admin role can perform all operations available to a profile admin because this role inherits the required permissions by default.

    Procedure

    1. Download the Microsoft Defender integration from the ServiceNow® Store and install it.
    2. Navigate to All > Security Operations > Integrations > Integration Configurations.
    3. Search for the Microsoft Defender-Incident Ingestion Configuration tile, and select Configure.
    4. On the form, fill in the fields.
      Field               Description
      Name                Name of the Microsoft Defender integration.
      Cloud Environment   Isolated instance of Microsoft Defender cloud services configured to meet specific requirements such as data residency, security, compliance, and regulatory standards.
                          Options include: GLOBAL, US-GOV-GCC-HIGH, US-GOV-DOD, CHINA
      Tenant ID           Microsoft Defender Tenant ID.
                          Instance from which all the incidents in the Microsoft portal are retrieved.
      Client ID           Client ID of the application registered in the Microsoft portal.
                          Roles required in Defender include:
                          • SecurityIncident.Read.All
                          • SecurityIncident.ReadWrite
      Client Secret       Client secret of your registered application in the Microsoft portal.
    5. Select Submit.
      The configured integration tile displays.

    What to do next

    Create an incident profile