> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Microsoft Defender for Endpoint

> How DSALTA integrates with Microsoft Defender for Endpoint — data collected, setup guide, and automated compliance checks.

## Overview

DSALTA connects to Microsoft Defender for Endpoint using read-only API access to collect compliance evidence automatically. Data syncs every 24 hours and feeds into your Data Library modules.

<Info>
  **Read-only access.** DSALTA never modifies, creates, or deletes resources in your Microsoft Defender for Endpoint environment.
</Info>

## How to Connect

1. Go to **Integrations** in the DSALTA sidebar.
2. Find **Microsoft Defender for Endpoint** and click **Connect**.
3. Authenticate with admin-level access.
4. Select the scope (accounts, projects, or resources to monitor).
5. DSALTA performs an initial sync (5-15 minutes). Checks activate after sync completes.

## Automated Compliance Checks

Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.

| Check                                                                                                                               | Description                                                                             |
| ----------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| [Device encryption should be enabled](/integrations/microsoft-defender/device-encryption-should-be-enabled)                         | Checks that disk encryption is enabled on all devices managed by Microsoft Defender.    |
| [Screen lock should be enabled on devices](/integrations/microsoft-defender/screen-lock-should-be-enabled-on-devices)               | Checks that screen lock is enabled on all devices managed by Microsoft Defender.        |
| [OS should be up to date](/integrations/microsoft-defender/os-should-be-up-to-date)                                                 | Checks that the OS is up to date on all Defender-managed devices.                       |
| [User access to critical systems should be valid](/integrations/microsoft-defender/user-access-to-critical-systems-should-be-valid) | Checks that users with access to critical systems are authorized in Microsoft Defender. |

## Troubleshooting

<AccordionGroup>
  <Accordion title="Integration shows Disconnected">
    Re-authenticate from **Integrations → Microsoft Defender for Endpoint → Reconnect**. This usually happens when API tokens expire.
  </Accordion>

  <Accordion title="Data is not syncing">
    Verify the connected account has admin permissions. Try a manual sync from the integration settings.
  </Accordion>
</AccordionGroup>