EDR setup: MS Defender


As part of its MDR (Managed Detection and Response) offering, Stoïk manages the Microsoft EDR/XDR configuration. Below are the steps to follow to configure it correctly:


1. Adding the Stoïk MDR Application

Click the following link to accept the Stoïk application.

This step is mandatory for Stoïk's teams to be able to monitor and receive Microsoft security alerts.

Please note: You must be logged in with a Microsoft administrator account.

2. Inviting the Stoïk MDR User

In order to use the investigation console provided by Microsoft and conduct large-scale investigations, a user external to your Microsoft subscription must be invited.

Invite the Entra external user [email protected] via the following link.

Add the Security Operator role to this user.
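
To confirm that step 2 took effect and that the external account holds Security Operator and nothing broader, the directory role assignments can be read back with Microsoft Graph PowerShell. This is an added example, not part of Stoïk's documentation; it assumes the Microsoft.Graph module is installed, and `$GuestMail` is a placeholder for the address given above.

```powershell
# Added example: read back the Entra directory roles held by the invited guest.
# Assumption: Microsoft.Graph PowerShell module installed; run as a tenant administrator.
# Placeholder: replace with the external user address from step 2.
$GuestMail = '<stoik-mdr-guest-address>'

Connect-MgGraph -Scopes 'User.Read.All', 'RoleManagement.Read.Directory'

# userType is not returned by default, so request it explicitly.
$guest = @(Get-MgUser -Filter "mail eq '$GuestMail'" `
                      -Property Id, Mail, UserType, UserPrincipalName)
if ($guest.Count -eq 0) { throw "No user with mail '$GuestMail'. Was the invitation sent?" }
if ($guest.Count -gt 1) { throw "More than one account matches '$GuestMail'; resolve this first." }
$guest = $guest[0]

if ($guest.UserType -ne 'Guest') {
    Write-Warning "Account type is '$($guest.UserType)', expected 'Guest'."
}

# Direct, active role assignments only. Roles inherited through group
# membership or held as PIM-eligible are not listed by this query.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "principalId eq '$($guest.Id)'" -All

$roles = foreach ($a in $assignments) {
    $def = Get-MgRoleManagementDirectoryRoleDefinition `
        -UnifiedRoleDefinitionId $a.RoleDefinitionId
    [pscustomobject]@{
        Role  = $def.DisplayName
        Scope = $a.DirectoryScopeId   # '/' means tenant-wide
    }
}
$roles | Format-Table -AutoSize

if ($roles.Role -notcontains 'Security Operator') {
    Write-Warning 'Security Operator is not assigned: step 2 is incomplete.'
}

# Anything beyond Security Operator exceeds what this guide asks for.
$extra = @($roles | Where-Object { $_.Role -ne 'Security Operator' })
if ($extra.Count -gt 0) {
    Write-Warning ("Additional directory roles assigned: " + ($extra.Role -join ', '))
}
```

The script covers Entra directory roles only; the Defender XDR RBAC role from step 3 is managed in the Defender console and is not visible through these cmdlets.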

3. Adding XDR Defender Permissions (if Defender RBAC roles are enabled)

Defender XDR role management via RBAC is always enabled by default. If this configuration is active, follow these steps:

  • Create a new role within the Defender console.

  • Invite the Stoïk MDR API external user ([email protected]) to this role.

  • Grant the Security operations and Security posture permissions to this user.

Please notify the Stoïk teams at [email protected] once the deployment is complete, and include your Microsoft tenant ID in the email.
