It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda XDR

Integrating a multi-tenant Microsoft Defender application

  • Last updated on


Follow this procedure to create a multi-tenant application. To create a single-tenant application, see Integrating a single-tenant Microsoft Defender application.

The steps to integrate a multi-tenant Microsoft Defender application are the following:

  • Create a multi-tenant application in Azure

  • Authorize the MSP Application in each tenant

  • Integrate the application with Barracuda XDR

See the procedures below.

Step One: Create a multi-tenant application in Azure

The following are instructions for creating a multi-tenant application in Azure.

To create a multi-tenant application in Azure

The MSP must have a Microsoft Defender for Endpoint subscription.

  1. Log in to Azure with a user that has the Global Administrator role.

    The User you use to log in must be the MSP's tenant and not one of the accounts you intend to manage.


  2. Navigate to Azure Active Directory > App registrations > New registration.
    microsoft.singletenant.register1.png

  3. On the registration form, write a name for your application, and select Multi-tenant.
  4. In the Redirect URI (optional) section, choose Web and type a redirect URI (https://portal.azure.com).
  5. Click Register.
  6. On your application page, click API Permissions.
  7. Click Add permission.
    microsoft.singletenant.permission1.png
  8. Click APIs my organization uses. Then type WindowsDefenderATP. Then select WindowsDefenderATP.
    microsoft.singletenant.permission2.png
  9. Click Application permissions. Then click Alert.
  10. Select Alert.Read.All. Then click Add a permission.
  11. Select the Application permission and click Grant admin consent.
    microsoft.singletenant.grantconsent1.png
  12. Click Yes.
    microsoft.singletenant.grantconsent2.png
  13. To add a secret to the application, select Certificates & secrets, add a description to the secret.
  14. Click Add.
    microsoft.singletenant.newsecret2.png
  15. Copy the generated MSP Secret Key value.

    Make sure you save the MSP Secret Key. You won't be able to retrieve this value after you leave.

    microsoft.singletenant.newsecret3.png

  16. Click Overview.
  17. Copy the MSP Client ID (Application ID).

Step Two: Authorize the MSP Application in each tenant

Because your application interacts with Defender for Endpoint, the next step is to request that an Admin user each tenant approve the MSP Client ID from the previous procedure.

The Admin user must:

  • Be a member of one of the following roles: Application Admin, Cloud Application Admin, or Global Admin.
  • Sign in using multi-factor authentication.
  1. Send an email to each Admin you want to approve the application. The email must contain the following for approval:  https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=<00000000-0000-0000-0000-000000000000>&response_type=code&sso_reload=true, where <00000000-0000-0000-0000-000000000000> is the MSP Client ID you copied from the previous procedure.
  2. Each user that authorizes the MSP Client ID, they must log in to Azure AD and retrieve the Tenant ID from the Overview page.

Step Three: Integrate the application with Barracuda XDR

When you've finished the procedure above, complete the integration by entering the Client ID, Secret Key, and Tenant ID in the Barracuda XDR Customer Security Dashboard. 

To integrate the application with Barracuda XDR Dashboard
  1. In the Account list, select the name of the company you created in the previous procedure.
  2. In Barracuda XDR Dashboard, click to Administration > Integrations.
    Microsoft Defender.png
  3. In the Microsoft Defender card, click Setup.
  4. Enter the Client IDSecret Key, and Tenant ID.
    Integration_Dashboard.png
  5. Click Save.