CybSafe’s new ability to integrate with Microsoft Defender allows you to automatically feed us a broader range of security behaviour and events data.

To explore more on our Security behaviours, take a look at our amazing SebDB!

CybSafe will then map this new data back to the relevant security behaviours, and use it to enhance our reporting back to you.

Note: This feature is not yet fully released, so you’ll only have access if you’ve opted-in to early releases. If you’ve opted-out, you'll get access when this feature is released fully.

How to set up the MS Defender integration

There is some manual work required to setup the integration with CybSafe and O365.

You will need to provide CybSafe your Azure AD tenant_id. and CybSafe will use this to configure the integration.

🆔 Step 1: Obtain your Azure AD tenant_id. You can find this in your Azure Active Directory.

✉️ Step 2: Share your tenant_id with CybSafe, you can email this to and inform the team that you wish to setup your MS Defender integration.

📨 Step 3: CybSafe will send you a link to access to grant permissions for the integration.

You will be asked to login and be shown some information about the connection, please accept the permissions to complete the integration. 👇

⚙️ Step 4: CybSafe will configure your integration in our platform and ensure it is all up and running.

Still have questions?

If you still have questions, you can contact the CybSafe team via We’re on hand to help resolve any further issues!

Did this answer your question?