Microsoft Defender for Endpoints

is a connector.

IP Allowlists

You might need to add the Monad IP range of to your Microsoft Defender for Endpoints allowlist, so Monad can connect to it.


You must have a Microsoft Account with an active subscription to Microsoft Defender for Endpoint. You may also use the free trial version of Microsoft Defender for Endpoints.


The Microsoft Defender connector will ingest data from Microsoft Defender for Endpoints into your Monad account. This data includes alerts, devices, and vulnerabilities found on the devices. The devices will be mapped to the mart_machines table, the alerts can be found in the mart_endpoint_alert table, and the vulnerabilities can be found in both the mart_machine_finding and mart_finding tables.

The Microsoft Defender connector is a great way to stay on top of vulnerabilities and security alerts in your environment.

Set up a Microsoft Defender for Endpoints connector

  1. From your Monad account go to the Connector map, and click Add connector.

  2. Select the Microsoft Defender connector.

  3. Optionally, change the default name and sync frequency for the connector. This name serves as a label for the connector in the Monad app, and you can change it later.

  4. Click Connect.

  5. Login to your microsoft account that has a valid Microsoft Defender for Endpoint subscription.

  6. Review and agree to the permissions requested by Monad.

That’s it! Monad tests the connection to Microsoft Defender for Endpoints, and if successful, begins syncing data from Microsoft Defender for Endpoints into your Monad account.

This page was last modified: 10 Oct 2023