A tool to assess and automate configuration in the Defender portal
This solution will eventually be a PowerShell module, but the initial goal was to map out all of the internal service APIs used in the Defender portal and provide two capabilities: assessment and automatic configuration. I have been working on a customized version of Maester to handle Defender as a “Service” and create Maester tests to check configurations, but the delay and lack of response on some of these APIs have created problems…
Below are links to the repositories where I have mapped out most of the APIs for Defender for Endpoint, Defender for Identity, and Defender XDR settings. I have an initial draft of the fully automated configuration for MDE, but there are some bugs that can only be fixed through some refactoring. This has resulted in my decision to pursue turning these into a PowerShell module to provide better flexibility for both configuration and Maester tests.
MDE: https://github.com/nathanmcnulty/nathanmcnulty/tree/master/DefenderForEndpoint/AutoConfig
MDI: https://github.com/nathanmcnulty/nathanmcnulty/tree/master/DefenderForIdentity/AutoConfig
XDR: https://github.com/nathanmcnulty/nathanmcnulty/tree/master/DefenderXDR/AutoConfig