Import Data from Microsoft Defender for Cloud

Import Microsoft Defender for Cloud findings into Mondoo alongside your own scan results.

Mondoo can import data from Microsoft Defender for Cloud and combine it with your Mondoo findings. The unified view gives you Mondoo's security visualization, prioritization, and ticketing on top of Defender vulnerability data.

Prerequisites

Registering the app and granting tenant-wide admin consent (Step A) require administrative Microsoft Entra roles. Check your assigned roles in the Azure portal: Microsoft Entra ID > Users > (your account) > Assigned roles.

Step A: Register and grant permissions to an Azure app

Mondoo needs a Microsoft Entra ID app registration with read-only access to Defender data. To learn more, see App registration, app objects, and service principals in the Azure documentation.

  1. Log into the Azure portal with one of the required roles.

  2. Open Microsoft Entra ID > App registrations.

  3. Select + New registration.

  4. Name the app (for example, mondoo-defender), select Accounts in this organizational directory only, and select Register. No redirect URI is needed.

    Azure creates the application and shows its ID.

  5. In the left navigation, select API permissions.

  6. Select + Add a permission > APIs my organization uses, search for WindowsDefenderATP (the API behind Microsoft Defender for Endpoint), and select it.

  7. Select Application permissions, then expand all, and check:

    • AdvancedQuery.Read.All
    • Alert.Read.All
    • File.Read.All
    • Ip.Read.All
    • Machine.Read.All
    • RemediationTasks.Read.All
    • Score.Read.All
    • SecurityBaselinesAssessment.Read.All
    • SecurityConfiguration.Read.All
    • SecurityRecommendation.Read.All
    • Software.Read.All
    • Url.Read.All
    • User.Read.All
    • Vulnerability.Read.All

  8. Select Add permissions.

  9. In the permissions list, check the Status column. Application permissions show a Not granted status until an administrator consents on behalf of the whole tenant: select Grant admin consent for [your directory name] above the table and confirm. If that option is disabled, your role cannot consent; ask a Global Administrator to grant consent.

    Keep the app registration page open for the next step.

Step B: Set up authentication

Mondoo can authenticate with a client secret (easier) or a PEM certificate (required by some security policies).

Option 1: Client secret

  1. In your app registration, select Certificates and secrets.

  2. Select New client secret.

  3. Name the secret (for example, mondoo defender secret), choose an expiration, and select Add. Note the expiration; the integration stops working when the secret expires.

    Copy the secret's Value immediately; it disappears after you leave the page.

Option 2: PEM certificate

The app registration and your Mondoo integration must share the same certificate, and the private key must not be password protected (an unencrypted PEM key).

You need two PEM files:

  • For Azure: certificate only, no private key.

  • For Mondoo: certificate plus private key. The file must have a .pem extension and use this format and order (private key first, then certificate):

    -----BEGIN PRIVATE KEY-----
    key goes here
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    certificate goes here
    -----END CERTIFICATE-----

Generate a self-signed certificate for testing

For testing only, generate a certificate and key with OpenSSL. The -nodes flag writes the private key without a passphrase, which is what the integration requires; OpenSSL prompts for the certificate subject. Run in a Linux shell, macOS shell, or Azure Cloud Shell:

openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out certificate.pem -keyout privatekey.key

Combine the key and certificate, key first, into the file you will give to Mondoo:

cat privatekey.key certificate.pem > certificate.combo.pem

For Windows, see this simple OpenSSL installer.

Upload only the certificate file (certificate.pem, not the combined file) to Azure:

  1. In your app registration, select Certificates and secrets > Certificates.

  2. Select Upload certificate, choose the file with only the certificate, enter a description such as Mondoo certificate, and select Add.
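
The usual mistakes at this point are a combined file in the wrong order, a passphrase-protected key, a certificate-only file handed to Mondoo, or the combined file (with the private key) uploaded to Azure. The checker below catches those before you upload anything. It is an added example, not Mondoo's or Azure's own code; the sample PEM bodies are constructed placeholders rather than real key material, and the function and file names are assumptions. Only the PEM structure is checked, not the cryptographic contents.

```python
import re
import sys

# Matches one PEM block, capturing its label (for example "PRIVATE KEY") and its
# base64 body. The backreference forces the BEGIN and END labels to agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)
# Header OpenSSL writes for an unencrypted PKCS#8 key: the form the page shows.
DOCUMENTED_KEY_LABEL = "PRIVATE KEY"
# Other key headers OpenSSL can emit (legacy PKCS#1/SEC1, and encrypted PKCS#8).
OTHER_KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text):
    """Return [(label, body), ...] for every PEM block in text, in file order."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]


def check_combined_pem(text, filename="certificate.combo.pem"):
    """Validate the key+certificate file Mondoo expects; returns a list of problems."""
    problems = []
    if not filename.lower().endswith(".pem"):
        problems.append(f"{filename}: file must have a .pem extension")

    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    key_positions = [i for i, label in enumerate(labels)
                     if label == DOCUMENTED_KEY_LABEL or label in OTHER_KEY_LABELS]
    cert_positions = [i for i, label in enumerate(labels) if label == "CERTIFICATE"]

    if not key_positions:
        problems.append("no private key block found (the Mondoo file needs key and certificate)")
    if not cert_positions:
        problems.append("no certificate block found")
    if key_positions and cert_positions and key_positions[0] > cert_positions[0]:
        problems.append("wrong order: the private key block must come before the certificate")

    for label, body in blocks:
        # Encrypted PKCS#8 uses its own label; encrypted PKCS#1 keeps the label and
        # adds a "Proc-Type: 4,ENCRYPTED" header line inside the block.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is password protected; regenerate with -nodes "
                            "or strip the passphrase with 'openssl pkcs8 -topk8 -nocrypt'")
        elif label in OTHER_KEY_LABELS:
            problems.append(f"key header '{label}' differs from the documented "
                            f"'{DOCUMENTED_KEY_LABEL}'; convert with 'openssl pkcs8 -topk8 -nocrypt'")
    return problems


def certificate_only(text):
    """Extract just the CERTIFICATE block(s): the file to upload to the Azure app registration."""
    return "".join(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
                   for label, body in pem_blocks(text) if label == "CERTIFICATE")


# Constructed sample blocks (placeholder bodies, not real key or certificate data).
SAMPLE_KEY = ("-----BEGIN PRIVATE KEY-----\n"
              "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwCONSTRUCTED\n"
              "-----END PRIVATE KEY-----\n")
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               "MIIFazCCA1OgAwIBAgIUeCONSTRUCTED\n"
               "-----END CERTIFICATE-----\n")
GOOD_COMBO = SAMPLE_KEY + SAMPLE_CERT

if __name__ == "__main__":
    # Usage: python check_pem.py certificate.combo.pem (assumed script name)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else GOOD_COMBO
    found = check_combined_pem(text, path or "certificate.combo.pem")
    for problem in found:
        print("PROBLEM:", problem)
    if not found:
        print("combined PEM looks right; upload this to Azure:\n" + certificate_only(text))
```

Run it with the path to the combined file as the only argument; with no argument it checks the built-in constructed sample. An empty problem list means the file has the documented layout; the printed certificate-only text is what goes into the Azure app registration.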

Step C: Add the Defender integration in Mondoo

You need these values from the Azure app registration:

  • Application (client) ID (from the app registration's Overview page)
  • Directory (tenant) ID (from the same page)
  • Either the client secret value or the combined PEM file from Step B

In the Mondoo App, navigate to the space where you want to add the integration. In the side navigation bar, select Integrations. In the top right, select + INSTALL. On the integrations page, find the integration you want by browsing or searching by name:

  1. Under Third-Party Data, select Microsoft Defender for Cloud.

  2. In Choose an integration name, enter a name that identifies the Azure tenant.

  3. Paste the Application (client) ID and Directory (tenant) ID in their respective boxes.

  4. Under Authentication, select your method:

    • Client secret. Select Client secret and paste the secret value.
    • Certificate. Select Certificate and private key and upload the combined PEM file (key + certificate).

  5. Select START IMPORTING.
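
Before handing the values to Mondoo, it is worth confirming that the app registration really works: request a token yourself with the client secret and look at which application permissions appear in the token's roles claim. Permissions that were added but never consented to (Step A, step 9) do not show up there, and an empty or missing roles claim usually means admin consent has not been granted. The script below is an added example, not Mondoo's code, and it covers the client-secret option only (certificate authentication needs a signed client assertion, which it does not build). It assumes the standard Defender for Endpoint resource scope and reads the tenant ID, client ID and secret from environment variables whose names are assumptions; it decodes the JWT without verifying it, which is fine for inspecting a token you just received from Entra ID but never a basis for trust decisions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Application permissions the page asks you to add on the WindowsDefenderATP API.
REQUIRED_ROLES = frozenset({
    "AdvancedQuery.Read.All", "Alert.Read.All", "File.Read.All", "Ip.Read.All",
    "Machine.Read.All", "RemediationTasks.Read.All", "Score.Read.All",
    "SecurityBaselinesAssessment.Read.All", "SecurityConfiguration.Read.All",
    "SecurityRecommendation.Read.All", "Software.Read.All", "Url.Read.All",
    "User.Read.All", "Vulnerability.Read.All",
})

# Resource scope of the Microsoft Defender for Endpoint API (the API behind the
# "WindowsDefenderATP" entry in the portal). Assumption: standard public-cloud endpoint.
SCOPE = "https://api.securitycenter.microsoft.com/.default"


def token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for an OAuth2 client-credentials request to Entra ID."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    }).encode()
    return url, body


def fetch_token(tenant_id, client_id, client_secret):
    """Perform the token request; an AADSTS error surfaces as urllib.error.HTTPError."""
    url, body = token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Decode a JWT payload WITHOUT signature verification (inspection only)."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def missing_roles(token, required=REQUIRED_ROLES):
    """Required application permissions that are absent from the token's roles claim."""
    granted = set(jwt_claims(token).get("roles", []))
    return sorted(required - granted)


def unsigned_test_token(claims):
    """Build header.payload.signature with a dummy signature, for offline tests only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Environment variable names are assumptions, not Mondoo or Azure conventions.
    token = fetch_token(os.environ["AZURE_TENANT_ID"], os.environ["AZURE_CLIENT_ID"],
                        os.environ["AZURE_CLIENT_SECRET"])
    claims = jwt_claims(token)
    missing = missing_roles(token)
    print("audience:", claims.get("aud"), "| roles granted:", len(claims.get("roles", [])))
    print("all required permissions present" if not missing
          else f"missing (not added, or admin consent not granted): {missing}")
```

If the token request itself fails, the AADSTS code in the HTTP error body tells you whether the secret is wrong or expired (Step B) or the tenant or client ID is mistyped (Step C); if it succeeds but roles are missing, go back to Step A and grant admin consent.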

Manage this integration

To open an existing integration, navigate to the space, select Integrations > All Integrations in the side navigation, choose the integration type, then select the integration.

From the integration detail page, you can:

  • Edit settings. Select the edit (pencil) icon.
  • Trigger an immediate import. Select SCHEDULE NOW.
  • Pause or resume imports. Select the ellipsis (...) menu, then Pause Imports or Resume Imports.
  • Remove the integration. Select the trash can icon and confirm.
