Microsoft Defender for Endpoint

Available

EDR / Security

Defender for Endpoint is one of the most valuable signals in Koopic's risk model. When Defender is active on an asset, Koopic knows an EDR control is present - and can down-rank vulnerabilities whose exploit path is already blocked by that coverage. Every sync captures device details, antivirus status, EDR sensor health, last-seen timestamps, OS information, and network configuration. An asset missing the Defender sensor gets higher exposure weighting; one with a healthy sensor and up-to-date definitions gets credit for the control.

Signal in your risk score

Data from Microsoft Defender for Endpoint flows into Koopic's unified asset inventory and shapes how vulnerabilities are scored. Koopic combines asset context - exposure, control presence, criticality - with CVSS severity, EPSS exploit probability, and CISA KEV membership to produce a single, explainable risk score per vulnerability per asset. A CVSS 9.8 on a segmented host with a compensating control scores lower than a CVSS 7.4 on an internet-exposed, unmanaged endpoint with no control in place.

What Microsoft Defender for Endpoint contributes to risk scoring

Full device inventory with OS details, network info, and hardware specs
Real-time antivirus status: engine version, definitions, and platform updates
EDR sensor health and last communication timestamp
Automatic field mapping to Koopic unified schema
Incremental sync - only fetches changed records
Supports GCC, GCC High, and commercial tenants

How to connect

1. One-click connect

Click "Connect with Microsoft" in Koopic. We automatically create the app registration on your Azure tenant with the correct Defender API permissions - no manual portal setup required.

2. Grant admin consent

An Azure admin reviews and approves the permissions during the OAuth flow. Once consented, Koopic securely stores the credentials encrypted at rest.

3. Create the integration

Select Microsoft Defender in the integration wizard, choose your credential, and configure the sync schedule.

4. Run your first sync

Click "Run Now" or wait for the scheduled sync. Koopic maps Defender fields to the unified schema automatically.

How teams use this data

EDR Coverage Gaps

Cross-reference Defender inventory with your CMDB or AD to find devices missing EDR coverage.

Compliance Scoring

Use Defender AV and EDR health fields in compliance rules to identify unhealthy endpoints.

Incident Response

During an incident, instantly see the last-known state of any device across all sources - not just Defender.
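
The cross-reference described under EDR Coverage Gaps can be sketched as follows. This is an added example, not Koopic's code: the record keys follow the Defender for Endpoint machine resource, while the hostnames, the CMDB list and the 7-day staleness threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
# Constructed sample records; keys follow the Defender for Endpoint machine resource.
DEFENDER = [
    {"computerDnsName": "WS-001.corp.example.com", "healthStatus": "Active",
     "onboardingStatus": "Onboarded", "lastSeen": "2024-05-20T08:00:00.1234567Z"},
    {"computerDnsName": "ws-002.corp.example.com", "healthStatus": "Inactive",
     "onboardingStatus": "Onboarded", "lastSeen": "2024-04-01T10:00:00Z"},
    {"computerDnsName": "srv-db01", "healthStatus": "Active",  # old record, pre-reimage
     "onboardingStatus": "Onboarded", "lastSeen": "2024-03-01T00:00:00Z"},
    {"computerDnsName": "SRV-DB01.corp.example.com", "healthStatus": "ImpairedCommunication",
     "onboardingStatus": "Onboarded", "lastSeen": "2024-05-20T23:00:00Z"},
    {"computerDnsName": "ws-003.corp.example.com", "healthStatus": "Active",
     "onboardingStatus": "CanBeOnboarded", "lastSeen": "2024-05-19T12:00:00Z"},
    {"computerDnsName": "lab-kiosk9", "healthStatus": "Active",
     "onboardingStatus": "Onboarded", "lastSeen": "2024-05-20T09:00:00Z"},
]
CMDB = ["ws-001", "WS-002.corp.example.com", "srv-db01", "srv-web02", "ws-003"]  # constructed
NOW = datetime(2024, 5, 21, tzinfo=timezone.utc)  # fixed so the result is reproducible

def norm(name):
    """Match on lowercase short hostname so FQDNs and bare names compare equal."""
    return name.strip().lower().split(".")[0]

def parse_ts(value):
    """Defender timestamps can carry 7 fractional digits; drop sub-second precision."""
    return datetime.fromisoformat(value.rstrip("Z").split(".")[0]).replace(tzinfo=timezone.utc)

def coverage_gaps(cmdb_hosts, machines, now, stale_after=timedelta(days=7)):
    latest = {}  # newest record per host; re-imaged devices leave duplicates behind
    for m in machines:
        key = norm(m["computerDnsName"])
        if key not in latest or parse_ts(m["lastSeen"]) > parse_ts(latest[key]["lastSeen"]):
            latest[key] = m
    expected = {norm(h) for h in cmdb_hosts}
    report = {"missing": [], "not_onboarded": [], "stale": [], "unhealthy": []}
    for host in sorted(expected):
        m = latest.get(host)
        if m is None:
            report["missing"].append(host)          # no Defender record at all
        elif m["onboardingStatus"].lower() != "onboarded":
            report["not_onboarded"].append(host)    # discovered but not onboarded
        elif now - parse_ts(m["lastSeen"]) > stale_after:
            report["stale"].append(host)            # sensor has gone quiet
        elif m["healthStatus"] != "Active":
            report["unhealthy"].append(host)        # reporting, but degraded
    report["unknown_to_cmdb"] = sorted(set(latest) - expected)  # inventory drift
    return report
```

Calling `coverage_gaps(CMDB, DEFENDER, NOW)` returns one list per gap type; a host that appears in none of them has a current, healthy sensor record.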

See it on your data

Work with us directly to run Koopic's prioritization engine on your actual vulnerability and asset data.