# Microsoft Defender Integration

{% hint style="info" %}
This integration requires a **Microsoft Power Automate** license for the owner-user.
{% endhint %}

Configuring this integration enables Rezonate's ITDR engine to cross-correlate identity threats from endpoint detections and to improve MTTR.

### Configuration Guide

To set up the integration, follow these steps:

1. Browse to the Rezonate integrations screen, add a new integration, and select Microsoft Defender. Pick a name for the application and copy the webhook URL that appears on the integration screen. Take note of it, as you will use it later in the Microsoft configuration steps.
2. Browse to [https://flow.microsoft.com](https://flow.microsoft.com/) and click **Create**.
3. Click on the **All Connectors** button at the bottom right of the page, search for “ATP” and select the Microsoft Defender ATP app.
4. After that, select “Triggers - Trigger when new WDATP alert occurs”.
5. A new block will appear on the board, with an Invalid connection error below it.\
   ![](https://lh7-us.googleusercontent.com/uz32r2r2ZTAtFt4r5NXWlK9NI-llaTZXjKv6C-CCrV8xFy7qO-LKAXxxw_fC23wI32Z6uMmAyDqRhmS25oEN8qbQ_igHGh6CagltzVWy7mZZY8wt_3QQrSknlj7q-ngmJ0AthzRTgQWHPa-AC294gOM)
6. To authenticate with a licensed user and authorize Power Automate’s access request to your tenant’s data, look in the right-side menu for the option to sign in to Microsoft Defender and set up the connection.\
   ![](https://lh7-us.googleusercontent.com/-Tcip5x8D_Z5TXKCypvkVlZCXrl25TLP36H5j2vF9vXt0N8pRoMvYgdA_j4I-o5s-yre3l4g1ln_1EeORgyVjm-MktVc9rdP2AhyHCKMQyawWNy9fnmuge7steiyPx94rBLpXjq6X1Kvi4MYtzQhAU8)
7. A popup window will open. Choose your licensed user and then authorize the application’s access request.\
   ![](https://lh7-us.googleusercontent.com/vBFKcIdQU9i-gvaTgZNye_Fa0dLbXOA79cQdZFNZwsILIqQ86EuBMPlDumQvuzQlChjY4aHnBhw94fuiOE7utouwG5x1A9EaBA9HtABgMOU8pA3__95b_q8--AsZMjPi31_0kGzmwc9Q3XHy-lneGdA)
8. Now authorized, inside the workflow board, click the + icon below the Defender block and add an action.
9. Search for “HTTP webhook”.\
   ![](https://lh7-us.googleusercontent.com/JRRoxKb3vupkYdVCaSSG956qFVYKuy3Y386tZA4u_Oiy6hpMrGaPvP_488ypvma8oixtGzdvXwPEX9uPxbd_QaLlr-uwVEPA4Qalr0h3cDERoVbh4v-PkojXWDRp7iJKqW_Q67HMF82G8s-JdVWQ0IM)
10. Select HTTP Webhook (the first option), then click the new webhook block to set up its parameters, including the target URL that you copied from Rezonate.

![](https://lh7-us.googleusercontent.com/UlQvSzGicjhtE92SxXAFqLQZvjIH64rkwi3q8_t152lQ4QXXznnujOGBx5UmmCBhLI7p2SGIOQYozaaY96pHbRRKB77vyqIW0Zzjh1f-3UehuR_GZ1L4rKyYcMb9u1JXyt6vfajNRRpAZvvdVvo99PY)

15. Save your flow by clicking the Save button.\
    ![](https://lh7-us.googleusercontent.com/6hNYkmENGsE_HnXr-HkLh3GGLeO_cFjMe61FzgFDvUQzJfosCr8_xp1Y3qYQL8MqjpQXICkfUoNSkDo3Wx7w4G49vG1DKSMVz0bQih0-_tXrz2tas8WG5zGtYtxrO_XIw3hJ4ZUR1B4XnPMQ5UCANHI)
16. Head back to the main menu of Power Automate and find your flow under My Flows.\
    ![](https://lh7-us.googleusercontent.com/OcyWCqjm4FpnRdUCdf3e2ssaz0b5-BMSHi0djg6V8htSTIuiZC_FF4NnoIQ2EOYsZkf9ERN1ne-BIfpxHDyEM9QTkz1Jqo6ckiK8vNkL_p6eQ7u2_ZD9aPzeEcmpQZufenyCGklSfVxLdE5EWGZC_Xg)
17. Click the 3 dots icon (more commands). A menu will appear; choose Turn on to enable the new flow.

