cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Defender for Endpoint - PowerBI report

AxelHellstroem
Copper Contributor

‎Jul 15 2022 04:55 AM

‎Jul 15 2022 04:55 AM

Defender for Endpoint - PowerBI report

Hello!

I'm currently developing multiple PowerBI reports for Defender for Endpoint where we utilize the advanced hunting query API described in this article here: https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Create-custom-reports-using-Microsoft-...

 

Have anyone here got the luck to utilize AAD app registrations with a client secret to provide access with powerbi, without the need of having to authenticate with a user account?

I'm trying to remove the need of having a service account or likewise to publish them as a report (as all accounts are using PIM / MFA).

 

Any ideas?

2,732 Views
0 Likes
7 Replies
Reply
7 Replies
best response confirmed by AxelHellstroem (Copper Contributor)
Kausd

‎Aug 22 2022 09:09 PM

‎Aug 22 2022 09:09 PM

Solution

Re: Defender for Endpoint - PowerBI report

I wrote an article on this. If you find any issues following let me know.

https://medium.com/@kaustubh.dwivedi/create-custom-reports-using-power-bi-for-a-multi-tenant-scenari...
2 Likes
Reply
AxelHellstroem

‎Aug 22 2022 11:11 PM

‎Aug 22 2022 11:11 PM

Re: Defender for Endpoint - PowerBI report

Incredible, thank you so much for writing this article.
Will test this out ASAP.
0 Likes
Reply
Kausd

‎Aug 23 2022 01:58 AM

‎Aug 23 2022 01:58 AM

Re: Defender for Endpoint - PowerBI report

If you do face issues let me know would love to help you out.
0 Likes
Reply
AxelHellstroem

‎Aug 23 2022 02:46 AM

‎Aug 23 2022 02:46 AM

Re: Defender for Endpoint - PowerBI report

This works really great. Only one thing should be added:
The (main) function should be named RunAHQuery in order for the queries to work with the function. Otherwise - this is a very good guide on how to work with BI & App registration.

Thank you so much for providing this.
0 Likes
Reply
Kausd

‎Aug 24 2022 03:44 AM

‎Aug 24 2022 03:44 AM

Re: Defender for Endpoint - PowerBI report

Thanks can you clarify the RunAHQuery issues ? I am bit confused :)
0 Likes
Reply
AxelHellstroem

‎Aug 25 2022 12:08 AM

‎Aug 25 2022 12:08 AM

Re: Defender for Endpoint - PowerBI report

@Kausd 

AxelHellstroem_0-1661411093315.png

The main query / function created in step 1 should be named "RunAHQuery".

 

Is there anyway I can reach out to you by teams or email to explain this a bit more?

Thought it could be a nice extension to your article:

This function can also be utilized to access the security graph API with client secret, which enables you to run advanced hunting queries on all Defender for M365 products :)

0 Likes
Reply