Microsoft Defender for Endpoint

Available

EDR / Security

Koopic connects to the Microsoft Security Center API to pull complete device inventory from Defender for Endpoint. Every sync captures device details, antivirus status, EDR sensor health, last-seen timestamps, OS information, and network configuration — giving you a comprehensive security posture view for every managed endpoint.

Key Features

Full device inventory with OS details, network info, and hardware specs
Real-time antivirus status: engine version, definitions, and platform updates
EDR sensor health and last communication timestamp
Automatic field mapping to Koopic unified schema
Incremental sync — only fetches changed records
Supports GCC, GCC High, and commercial tenants

How to Set Up

1. One-click connect

Click "Connect with Microsoft" in Koopic. We automatically create the app registration on your Azure tenant with the correct Defender API permissions — no manual portal setup required.

2. Grant admin consent

An Azure admin reviews and approves the permissions during the OAuth flow. Once consent is granted, Koopic securely stores the credentials, encrypted at rest.

3. Create the integration

Select Microsoft Defender in the integration wizard, choose your credential, and configure the sync schedule.

4. Run your first sync

Click "Run Now" or wait for the scheduled sync. Koopic maps Defender fields to the unified schema automatically.

Use Cases

EDR Coverage Gaps

Cross-reference Defender inventory with your CMDB or AD to find devices missing EDR coverage.

Compliance Scoring

Use Defender AV and EDR health fields in compliance rules to identify unhealthy endpoints.

Incident Response

During an incident, instantly see the last-known state of any device across all sources — not just Defender.
