SOLVED

Defender for Endpoint - PowerBI report

Copper Contributor

Hello!

I'm currently developing multiple PowerBI reports for Defender for Endpoint where we utilize the advanced hunting query API described in this article here: https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Create-custom-reports-using-Microsoft-...

 

Have anyone here got the luck to utilize AAD app registrations with a client secret to provide access with powerbi, without the need of having to authenticate with a user account?

I'm trying to remove the need of having a service account or likewise to publish them as a report (as all accounts are using PIM / MFA).

 

Any ideas?

8 Replies
best response confirmed by AxelHellstroem (Copper Contributor)
Solution
I wrote an article on this. If you find any issues following let me know.

https://medium.com/@kaustubh.dwivedi/create-custom-reports-using-power-bi-for-a-multi-tenant-scenari...
Incredible, thank you so much for writing this article.
Will test this out ASAP.
If you do face issues let me know would love to help you out.
This works really great. Only one thing should be added:
The (main) function should be named RunAHQuery in order for the queries to work with the function. Otherwise - this is a very good guide on how to work with BI & App registration.

Thank you so much for providing this.
Thanks can you clarify the RunAHQuery issues ? I am bit confused 🙂

@Kausd 

AxelHellstroem_0-1661411093315.png

The main query / function created in step 1 should be named "RunAHQuery".

 

Is there anyway I can reach out to you by teams or email to explain this a bit more?

Thought it could be a nice extension to your article:

This function can also be utilized to access the security graph API with client secret, which enables you to run advanced hunting queries on all Defender for M365 products 🙂

@Kausd or @AxelHellstroem, do you know to connect through the organizational account on power bi? using the Microsoft link, am getting an error. Any screenshots would help of the query please
1 best response

Accepted Solutions
best response confirmed by AxelHellstroem (Copper Contributor)