This article provides an overview of the Microsoft Defender XDR Service Principal.
ContraForce for MDE Overview
The Microsoft Defender XDR service principal is used to facilitate visibility and management access for Microsoft Defender for Endpoint data. This is used in the Portal Endpoints page, where MDE data is aggregated.
If you have any questions, contact us at support@contraforce.com.
| Client ID` | 6efccc6a-f0d3-49e5-92d0-17d4afa9ba52 |
| API | WindowsDefenderATP |
| Permission | AdvancedQuery.Read |
| Type | Delegated |
| Admin Consent Required | Yes |
| Purpose | This permission is used to enable querying of raw event and incident data on behalf of the signed in user. |
| Client ID | 6efccc6a-f0d3-49e5-92d0-17d4afa9ba52 |
| API | WindowsDefenderATP |
| Permission | Alert.Read |
| Type | Delegated |
| Admin Consent Required | Yes |
| Purpose | This permission is used to display Defender alerts that the signed in user has access to. |
| Client ID | 6efccc6a-f0d3-49e5-92d0-17d4afa9ba52 |
| API | WindowsDefenderATP |
| Permission | Machine.Read |
| Type | Delegated |
| Admin Consent Required | Yes |
| Purpose | This permission is used to retrieve and display endpoint profile details in the Portal Endpoint page. |
| Client ID | 6efccc6a-f0d3-49e5-92d0-17d4afa9ba52 |
| API | WindowsDefenderATP |
| Permission | Score.Read |
| Type | Delegated |
| Admin Consent Required | Yes |
| Purpose | This permission is used to display the Threat and Vulnerability Management score the signed in user has access to. |
| Client ID | 6efccc6a-f0d3-49e5-92d0-17d4afa9ba52 |
| API | WindowsDefenderATP |
| Permission | Vulnerability.Read |
| Type | Delegated |
| Admin Consent Required | Yes |
| Purpose | This permission is used to display Threat and Vulnerability Management vulnerability information in the Portal Endpoints page on behalf of the signed in user. |