.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Overview
DSALTA connects to Microsoft Defender for Endpoint using read-only API access to collect compliance evidence automatically. Data syncs every 24 hours and feeds into your Data Library modules.Read-only access. DSALTA never modifies, creates, or deletes resources in your Microsoft Defender for Endpoint environment.
How to Connect
- Go to Integrations in the DSALTA sidebar.
- Find Microsoft Defender for Endpoint and click Connect.
- Authenticate with admin-level access.
- Select the scope (accounts, projects, or resources to monitor).
- DSALTA performs an initial sync (5-15 minutes). Checks activate after sync completes.
Automated Compliance Checks
Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.| Check | Description |
|---|---|
| Device encryption should be enabled | Checks that disk encryption is enabled on all devices managed by Microsoft Defender. |
| Screen lock should be enabled on devices | Checks that screen lock is enabled on all devices managed by Microsoft Defender. |
| OS should be up to date | Checks that the OS is up to date on all Defender-managed devices. |
| User access to critical systems should be valid | Checks that users with access to critical systems are authorized in Microsoft Defender. |
Troubleshooting
Integration shows Disconnected
Integration shows Disconnected
Re-authenticate from Integrations → Microsoft Defender for Endpoint → Reconnect. This usually happens when API tokens expire.
Data is not syncing
Data is not syncing
Verify the connected account has admin permissions. Try a manual sync from the integration settings.