# Windows Security Center Azure Registration The CyberCyte portal provide Windows Security Center integration for more comprehensive visibility. We recommend it for observe all the security events from users infrastructure from one portal. ## 1. Create MS Azure App Please log in to the MS Azure Portal and navigate to Register a new applicaiton on a signle tennant with "+ New registration" button. Do not put any URL for endpoint.

## 2. Get The Client ID & Tenant ID After the registration, please navigate to "Manage" -> "Certificates & Secrets". Please add a new client secret and copy it.

From the "Overview" menu, please copy the "Application (client) ID" and "Directory (tenant) ID". Go back to the "Manage" menu and navigate to "API permissions". Add a new permission and select the "Microsoft Graph Permission".

Select the "Applicaiton Permissions".

Select the "SecurityIncident.ReadWrite.All", "SecurityEvents.ReadWrite.All" and "User.Read.All" permissions.

Grand admin consent after adding the permissions.

## 3. Adding the MS Graph API Credential to The CyberCyte Portal Please navigate to "Settings & Reporting" -> "Credential Settings" -> "Remote Credentials" -> Click on "+ Credential" button. Select the "Microsft Graph API Credential". copy the "Application (client) ID", "Directory (tenant) ID" and "Client Secret" that created on Azure Portal. ## 4. Repository Integration Please navigate to "Settings & Reporting" -> "Integration Settings" -> Click on "+ Integration " button. Select the "Microsoft Defender Security Center" as a type, select a credential and enable the repository. The recommended sync interval is 15 minutes. ## 5. Reviewing the Results Please navigate to "Analysis & Investigation" -> "Artifact Analysis" -> "Threat Management" -> "Microsoft Defender Security Center Events" to observe Windows security center events. After integration, the data obtained must be validated and, if necessary, white-listing or rule definitions must be made. There are already defined rules on CyberCyte, and listing can be done with additional analyses to these rules. Our primary recommendation is to double-check in parallel with the existing solutions in the user's infrastructure. You can access the relevant findings via dashboards, and you can go to the relevant analysis table by clicking on the data.

When you right-click on any data, you can provide list management under "List Management" from the options that appear on the screen. Similarly, if a special rule needs to be defined, you can create a special rule with the "Rule Management" -> "Add value as a Classification Rule" option and trigger the notification mechanism. The rule management explained in this link . --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cloudcyte.com/getting-started/integrations/windows-security-center-azure-registration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.