Microsoft Defender for Cloud is a cloud security platform that provides threat detection, posture management, and continuous monitoring to protect cloud workloads and services.
Permissions for Microsoft Defender for Cloud (TD) Integration
Assign the "Security Reader" role to ensure full API access.
Scytale follows the least-privilege principle, limiting permission scopes strictly to what's required for audit evidence collection.
How to Connect Scytale and Microsoft Defender for Cloud (TD)
In Scytale, go to 'Integrations'.
Search for Microsoft Defender for Cloud (TD) and select 'Connect'.
Paste your Tenant ID, Client ID, Client Secret, and Subscription ID.
Add a connection name - this will be used to differentiate between your connections - and then select 'Connect'.
You have now successfully connected to Microsoft Defender for Cloud (TD).
How to Generate Credentials in Microsoft Defender for Cloud
Step 1 — Register an app in Azure
Go to portal.azure.com
Search for Microsoft Entra ID → App registrations
Click New registration, give it a name (e.g. scytale-integration), and click Register
Copy the Application (client) ID and Directory (tenant) ID
Step 2 — Create a client secret
In your app, go to Certificates & secrets → New client secret
Set an expiry and click Add
Copy the secret value immediately — you won't be able to see it again
Step 3 — Assign the Security Reader role
Go to Subscriptions → select your subscription
Click Access control (IAM) → Add role assignment
Select the following role:
Security Reader(*)
Assign it to the app you just registered
Step 4 — Find your Subscription ID
Step 5 — Enter your credentials in Scytale
Provide the following values:
Tenant ID — from Step 1
Client ID — from Step 1
Client Secret — from Step 2
Subscription ID — from Step 4
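To confirm that the app registered in Step 1 ends up with only the Security Reader role at the subscription scope from Step 3, the following added example (not part of Scytale's or Microsoft's documentation) audits role assignments exported with `az role assignment list --assignee <client-id> --all --output json`. The subscription ID, resource group and management group names are constructed placeholders, and the sample JSON keeps only the `roleDefinitionName` and `scope` fields of that output.

```python
import json

REQUIRED_ROLE = "Security Reader"  # the role the page assigns in Step 3
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000001"  # constructed placeholder

# Constructed sample in the shape of `az role assignment list --output json`.
SAMPLE_JSON = """
[
  {"roleDefinitionName": "Security Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-demo"},
  {"roleDefinitionName": "Security Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/mg-demo"}
]
"""


def audit_assignments(assignments, subscription_id, required_role=REQUIRED_ROLE):
    """Return (kind, role, scope) findings; an empty list means the app holds
    exactly the required role at the subscription scope and nothing else."""
    expected_scope = f"/subscriptions/{subscription_id}".lower()
    findings, has_required = [], False
    for entry in assignments:
        role = entry.get("roleDefinitionName", "")
        # Normalise: ARM scopes are case-insensitive; "/" is the root scope.
        scope = entry.get("scope", "").rstrip("/").lower() or "/"
        if role != required_role:
            findings.append(("extra_role", role, scope))
        elif scope == expected_scope:
            has_required = True
        else:
            # Right role, but broader, narrower, or on another subscription.
            findings.append(("unexpected_scope", role, scope))
    if not has_required:
        findings.append(("missing_required", required_role, expected_scope))
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(json.loads(SAMPLE_JSON), SUBSCRIPTION_ID):
        print(*finding, sep="\t")
```

An empty result means the integration's identity matches the least-privilege setup described above; any finding is a role assignment to review and remove before pasting the credentials into Scytale.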







