# Microsoft Defender Endpoint Integration

### Introduction <a href="#introduction" id="introduction"></a>

The following guide will help you integrate Microsoft Defender Endpoint with Sprinto to track and monitor vulnerabilities.

Microsoft Defender for Endpoint is a comprehensive security solution designed to protect enterprise environments from advanced threats. It provides features such as endpoint detection and response (EDR), threat and vulnerability management, attack surface reduction, and automated investigation and remediation.

### How does this integration help <a href="#how-does-this-integration-help" id="how-does-this-integration-help"></a>

The following integration helps Sprinto monitor vulnerabilities from the Microsoft Defender Endpoint service and ensures that they are resolved within the defined SLA to meet compliance requirements.

#### Available Sprinto checks <a href="#available-sprinto-checks" id="available-sprinto-checks"></a>

Below are the available Sprinto checks for Microsoft Defender Endpoint integration:

| Sprinto check                                                                      | How to fix/ Required action                                                                                                                                                                                                                                                                                                                                                        |
| ---------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Microsoft Defender for Endpoints vulnerability alert should be resolved within SLA | <p>The Sprinto check starts failing if any detected vulnerability is in the open status on the integrated account.</p><p></p><p>How to fix: Take the required action in order to resolve the detected vulnerability, then update the vulnerability status to Closed status on the integrated account. Sprinto detects the status change and set the check status to “Passing.”</p> |

### Before you begin <a href="#before-you-begin" id="before-you-begin"></a>

* Log in to the Sprinto admin portal with your credentials.
* Ensure you have Admin access to the Microsoft Defender Endpoint account to perform this integration.
* This integration is powered by[ Leen](https://leen.dev/). Sprinto utilizes Leen’s API for dataflow on Sprinto.

### Procedure <a href="#procedure" id="procedure"></a>

1. Integrate Microsoft Defender Endpoint with Sprinto.
   * From the Sprinto admin portal, navigate to **Settings** > **Integrations** and select the Available tab.
   * Click **Connect** next to Microsoft Defender for Endpoints.

     <figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FNzdnpyqImiovKbTTbWkS%2FScreenshot%202025-09-25%20at%2017.51.12.png?alt=media&#x26;token=a4f1b35b-d897-431c-92f3-de685993284d" alt="" width="563"><figcaption></figcaption></figure>
   * Read the on-screen instructions and click Nex
   * Select the acknowledgment checkbox, and click Connect to Microsoft Defender for Endpoint. \
     Note: Ensure the pop-up window is enabled on your browser.

     <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72121813069/original/1C6lc1KVBjhHuHwhN86NgPoAvjnAldHZjA.png?1730279581" alt="" width="563"><figcaption></figcaption></figure>
   * Click Connect.<br>

     <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72121813068/original/WzWq3FMGPjcl8C0Sey42Vn4bkJVB-cG4Og.png?1730279581" alt="" width="375"><figcaption></figcaption></figure>
   * Log in to your Microsoft account and follow the on-screen instructions to grant Sprinto the necessary permissions.
2. Add Microsoft Defender Endpoint as a vulnerability monitoring source.
   * Navigate to **Data Library** > **Vulnerabilities** > **Overview**, and click + Add monitoring source.
   * Click Choose next to Microsoft Defender Endpoint.
   * Click Add Microsoft Defender Endpoint.

### Support <a href="#support" id="support"></a>

Please get in touch with our[ support team](mailto:www.support@sprinto.com) if you have any queries related to the integration or need any assistance.