Microsoft 365 Defender for Endpoint

Microsoft 365 Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) analyzes the alerts generated in Microsoft 365 Defender for Endpoint and automatically takes the relevant corrective action through Check Point Playblocks, such as quarantining a file, terminating a process, or isolating a machine.

For more information on suggested preventive actions, see Incidents Overview > Prevention.

Prerequisites

  • Active subscription to Microsoft 365 Defender for Endpoint.

  • Administrator privileges to add integration to Microsoft 365 Defender for Endpoint.

Integrating Microsoft 365 Defender for Endpoint

  1. Log in to the Infinity XDR/XPR Administrator Portal.

  2. Go to Settings > Integrations.

  3. In the Available integrations section, in the MS 365 Defender Endpoint widget, click Integrate.

  4. In the Microsoft authentication pop-up, log in to the relevant user account with administrator credentials.

  5. Accept the required permissions and click OK.

    After successful authentication, Infinity XDR/XPR integrates successfully with Microsoft 365 Defender for Endpoint.

  6. To check if the integration is successful, in the Infinity XDR/XPR Administrator Portal:

    • Go to Settings > Integrations.

      In the Integrated products section, verify that MS 365 Defender Endpoint is listed as Active.

      Notes -

      • The widget shows the Inactive status until Infinity XDR/XPR begins receiving logs from Microsoft 365 Defender for Endpoint.

      • If the integration failed, the widget shows the status as Failed. For assistance, contact Check Point Support.

    • Go to the Overview page and, in the Connectivity widget, verify that MS 365 Defender Endpoint is listed as connected.

IOC Management

You can manage Indicators of Compromise (IoCs) on Microsoft 365 Defender for Endpoint. You can import a list of IoCs to it in CSV format. For more information, see the Microsoft Defender documentation.
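The IoC list mentioned above is a CSV in Microsoft's indicator import format. As an added example (not Check Point's or Microsoft's code), the following Python builds such a file and syntax-checks each row before upload; the column names, IndicatorType values and Action values are assumed from the import template offered in the Defender portal and should be verified against your own download.

```python
import csv
import io
import re

# Column order of Microsoft's indicator import template (assumed here from the
# template offered in the Defender portal; check it against your own copy).
COLUMNS = ["IndicatorType", "IndicatorValue", "ExpirationTime", "Action",
           "Severity", "Title", "Description", "RecommendedActions",
           "RbacGroups", "Category", "MitreTechniques", "GenerateAlert"]
# Per-type syntax check, so a truncated hash or a hostname in an IP row is rejected locally.
VALUE_PATTERNS = {
    "FileSha256": re.compile(r"[0-9a-fA-F]{64}"),
    "IpAddress": re.compile(r"(?:\d{1,3}\.){3}\d{1,3}"),
    "DomainName": re.compile(r"(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}"),
    "Url": re.compile(r"https?://\S+"),
}
ACTIONS = {"Alert", "Warn", "Block", "Audit", "BlockAndRemediate", "Allowed"}

# Constructed sample rows (placeholder values, not real indicators).
SAMPLE_INDICATORS = [
    {"IndicatorType": "FileSha256", "IndicatorValue": "ab" * 32, "Action": "Block",
     "Severity": "High", "Title": "Constructed sample: blocked file"},
    {"IndicatorType": "DomainName", "IndicatorValue": "c2.example.invalid",
     "Action": "Alert", "Severity": "Medium", "Title": "Constructed sample: domain"},
]

def validate_indicator(row: dict) -> list:
    """Return the problems found in one indicator row (empty list if it is fine)."""
    problems = []
    itype, value = row.get("IndicatorType", ""), row.get("IndicatorValue", "")
    pattern = VALUE_PATTERNS.get(itype)
    if pattern is None:
        problems.append(f"unknown IndicatorType {itype!r}")
    elif not pattern.fullmatch(value):
        problems.append(f"{itype} value {value!r} has the wrong syntax")
    if row.get("Action") not in ACTIONS:
        problems.append(f"unsupported Action {row.get('Action')!r}")
    return problems

def build_indicator_csv(indicators: list) -> str:
    """Validate every row, then render the CSV text in the template's column order."""
    for i, row in enumerate(indicators, start=1):
        if problems := validate_indicator(row):
            raise ValueError(f"row {i}: " + "; ".join(problems))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for row in indicators:
        writer.writerow({col: row.get(col, "") for col in COLUMNS})
    return out.getvalue()
```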

Deleting the Integration

  1. Go to Settings > Integrations.

  2. In the MS 365 Defender Endpoint widget, click .

  3. Click Delete.

    The Delete Integration window appears.

  4. Click Yes.