Want to experience Defender for Endpoint? Sign up for a free trial.
You might need to troubleshoot issues while pulling detections in your SIEM tools.
This page provides detailed steps to troubleshoot issues you might encounter.
Learn how to get a new client secret
If your client secret expires or if you’ve misplaced the copy provided when you were enabling the SIEM tool application, you’ll need to get a new secret.
- Login to the Azure management portal.
- Select Azure Active Directory.
- Select your tenant.
- Click App registrations. Then in the applications list, select the application.
- Select Certificates & Secrets section, Click on New Client Secret, then provide a description and specify the validity duration.
- Click Save. The key value is displayed.
- Copy the value and save it in a safe place.
Error when getting a refresh access token
If you encounter an error when trying to get a refresh token when using the threat intelligence API or SIEM tools, you’ll need to add reply URL for relevant application in Azure Active Directory.
- Login to the Azure management portal.
- Select Azure Active Directory.
- Select your tenant.
- Click App Registrations. Then in the applications list, select the application.
- Add the following URL:
- For the European Union:
https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback - For the United Kingdom:
https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback - For the United States:
https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback.
- For the European Union:
- Click Save.
Error while enabling the SIEM connector application
If you encounter an error when trying to enable the SIEM connector application, check the pop-up blocker settings of your browser. It might be blocking the new window being opened when you enable the capability.
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.