Skip to content

Semantic Model Parameters Explained

The BI for Defender dataset contains some parameters that must be configured to synchronize data from Defender for Endpoint to Power BI. Other parameters add additional functionality to BI for Defender. This article explains each of the parameters in detail.

Step 1: Open the Defender Workspace

  1. To view or modify the dataset parameters select Workspaces.
  2. Select the BI for Defender workspace. defender workspace

Step 2: Open the Dataset Settings

  1. Hover over the bi_for_defender Semantic model to reveal a kebab menu (three vertical dots).
  2. Select the kebab menu.
  3. Select Settings. defender settings

Step 3: Expand the Parameters Section

  1. Expand Parameters.

Step 4: Configure the ApiKey

            ApiKey
  1. Required configuration: Yes
  2. Default value: Blank
  3. This should be the API Key that you received from us after completing the Request a Trial Key form.

Step 5: Configure AzureAD TenantID

            AzureAD TenantID
  1. Required configuration: Yes
  2. Default value: Blank
  3. This should be your Azure AD tenant ID.
  4. Note: An easy way to get this is to go to https://www.whatismytenantid.com/

Step 6: Configure AzureAD ClientID

            AzureAD ClientID
  1. Required configuration: Yes
  2. Default value: Blank
  3. The Application (client) ID from the Azure AD App Registration.

Step 7: Configure AzureAD ClientSecret

            AzureAD ClientSecret
  1. Required configuration: Yes
  2. Default value: Blank
  3. The Azure AD Client Secret is the most common mistake that customers make when installing BI for Defender.  It is shown as the "Value" when adding the client secret to the Azure AD App Registration. The Client Secret does not have dashes (-) in it. The Client Secret looks similar to this: aBcDE~fGh.I.JKlmnopqRsTuVwXyZ1234567890

Step 8: Configure AzureAD Pace API

            AzureAD Pace API (s)
  1. Required configuration: None
  2. Default value: 0
  3. Determines the amount of time the sync process waits for a response from the Pace API's and then it loops until a response is received. Do not change this value unless instructed to do so by PowerStacks support.

Step 9: Configure Application Control Days

            AzureAD AdvancedHunting Application Control Day(s)
  1. Required configuration: None
  2. Default value: 3 days
  3. Max value: 30
  4. -1 disables this feature. azuread advancedhunting application control day

Step 10: Configure AdvancedHunting PageSize

            AzureAD AdvancedHunting PageSize API
  1. Required configuration: None
  2. Default value: 10000
  3. Determines the page size for MS Graph queries. Do not change this value unless instructed to do so by PowerStacks support. azuread advancedhunting pagesize api

Step 11: Configure Export URL Enable

            AzureAD Export URL Enable
  1. Required configuration: Yes, only if the AzureAD Export URL has been populated.
  2. Default value: FALSE
  3. Determines if the URL from the AzureAD Export URL is used or if the URL is found automatically by the app.
  4. Setting this parameter to TRUE will create a new data source credential that must be configured. Authentication method: Anonymous
  5. Privacy Level: Organizational
  6. Select Skip test connection

Step 12: Configure the Export URL

            AzureAD Export URL
  1. Required configuration: None
  2. Default value: Blank
  3. The export URL varies from one Azure tenant to another. If this value is not populated our code will find the correct URL that your Intune environment uses to export data, however, to avoid redirection and improve security it is recommended to set this parameter.
  4. Be sure to also set AzureAD Export URL Enable = TRUE when using this parameter.
  5. To learn more please see our Configure Defender Export API documentation.

Step 13: Configure AdvancedHunting Process Days

            AzureAD AdvancedHunting Process Day(s)
  1. Required configuration: None
  2. Default value: 1 days
  3. Max value: 30
  4. -1 disables this feature.
  5. Allows you to configure the number of days of process data to pull from Advanced Hunting. azuread advancedhunting process day

Step 14: Configure AzureAD PageSize API

            AzureAD PageSize API
  1. Required configuration: None
  2. Default value: 10000
  3. Determines the page size of queries. Do not change this value unless instructed to do so by PowerStacks support.

Step 15: Configure AzureAD Proxy Enable

            AzureAD Proxy Enable
  1. Required configuration: Yes
  2. Default value: True
  3. Should ALWAYS be False unless you are viewing the reports with the demo data. azuread proxy enable

Step 16: Configure AdvancedHunting Days

            AzureAD AdvancedHunting Day(s)
  1. Required configuration: None
  2. Default value: 30
  3. Allows you to configure the number of days of data to pull from Advanced Hunting. azuread advancedhunting process day

Step 17: Configure Export URL Wait Time

            AzureAD Export URL Wait (s)
  1. Required configuration: None
  2. Default value: 1
  3. Determines the amount of time the sync process waits for each Intune export job to report a status and then loops until a status is received. Do not change this value unless instructed to do so by PowerStacks support.

Step 18: Configure Export URL Timeout

            AzureAD Export URL Timeout (s)
  1. Required configuration: None
  2. Default value: 3600
  3. Determines the amount of time the sync process waits for each Intune export job before it times out. Do not change this value unless instructed to do so by PowerStacks support.

Step 19: Configure AzureAD Login URL

            AzureAD Login URL
  1. Required configuration: None
  2. Default value: https://login.microsoftonline.com
  3. This parameter is only used in edge cases where customers have some things in GCC or HCC High and other things in the commercial cloud. azuread login url

Step 20: Configure AzureAD Graph URL

            AzureAD Graph URL
  1. Required configuration: None
  2. Default value: https:/graph.microsoft.com
  3. This parameter is only used in edge cases where customers have some things in GCC or HCC High and other things in the commercial cloud. azuread graph url

Step 21: Configure SecurityCenter URL

            AzureAD SecurityCenter URL
  1. Required configuration: None
  2. Default value: https://api.securitycenter.microsoft.com
  3. This parameter is only used in edge cases where customers have some things in GCC or HCC High and other things in the commercial cloud. 1. azuread securitycenter url

Step 22: Configure Vulnerability History Days

            AzureAD Vulnerability History Day(s)
  1. Required configuration: None
  2. Default value: 1
  3. By default, only vulnerability data from the last 1 day are available in the reports. Getting more days of vulnerability data will result in slower synchronizations and possibly cause synchronization timeouts. The max value is 30.
  4. Note, vulnerability data can be completely disabled by setting this value to -1. azuread vulnerability history day

Step 23: Configure Vulnerability History PageSize

            AzureAD Vulnerability History PageSize API
  1. Required configuration: None
  2. Default value: 200000
  3. Do not change this value unless instructed to do so by PowerStacks support. azuread vulnerability history pagesize api