Hello @Souders, Justin
This behavior is by design and not a bug. When setting up Security Copilot, two enterprise applications are created to separate and manage the different integration endpoints required by the solution. Here’s what’s happening:
- Dual Endpoint Integration: One of the enterprise applications is registered with both identifier URIs—https://api.medeina.defender.microsoft.com and https://api.securitycopilot.microsoft.com. This registration is used to access the full set of Security Copilot functionality that relies on both the Defender API backend and Security Copilot’s own API.
- Legacy/Segmented Role: The second enterprise application, which only includes the Defender API endpoint (https://api.medeina.defender.microsoft.com), is maintained for backward compatibility and to support scenarios or components that only need to interact with Microsoft Defender’s API. It ensures that legacy integrations or isolated parts of the solution that only require that one endpoint continue to work without disruption.
Why This Matters:
- Granular Permission Management: By splitting the applications, permissions, consent, and access control can be managed separately for each set of endpoints. This separation means that if the API for Security Copilot evolves or requires additional security considerations, those changes can be handled independently from the Defender integration.
- Modular Architecture: This approach follows a modular design pattern, offering the flexibility to update one component without forcing changes across the entire solution.
- Future Enhancements: It also provides room for future enhancements or changes in the API endpoints without impacting the overall user experience.
😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!
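To confirm that a tenant matches the layout described in the answer above, here is an added example (not part of the original answer, and not Microsoft's own tooling) that lists the service principals carrying either identifier URI and shows which URIs each one has. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can be granted Application.Read.All.

```powershell
# Added example, not from the original answer. Lists the enterprise
# applications (service principals) that expose either Security Copilot
# identifier URI and reports which URIs each one carries. Per the answer,
# the expected result is one principal with both URIs and one with only
# the Defender URI. Assumes the Microsoft Graph PowerShell SDK is installed.
Connect-MgGraph -Scopes "Application.Read.All"

$expectedUris = @(
    "https://api.medeina.defender.microsoft.com",
    "https://api.securitycopilot.microsoft.com"
)

# Collect every service principal whose servicePrincipalNames contain one
# of the expected URIs. Keyed by object id so a principal that matches both
# URIs is counted once.
$found = @{}
foreach ($uri in $expectedUris) {
    $filter = "servicePrincipalNames/any(c:c eq '$uri')"
    Get-MgServicePrincipal -Filter $filter -All | ForEach-Object {
        $found[$_.Id] = $_
    }
}

# For each principal, show which of the expected URIs it carries and which
# tenant owns the app (Microsoft-owned apps report Microsoft's tenant id).
$found.Values | ForEach-Object {
    $sp = $_
    $present = $expectedUris | Where-Object { $sp.ServicePrincipalNames -contains $_ }
    [pscustomobject]@{
        DisplayName            = $sp.DisplayName
        AppId                  = $sp.AppId
        AppOwnerOrganizationId = $sp.AppOwnerOrganizationId
        IdentifierUris         = ($present -join ", ")
    }
} | Sort-Object DisplayName | Format-Table -AutoSize

# Anything other than exactly two principals deviates from the described
# design: a missing registration, or an unexpected app claiming these URIs.
if ($found.Count -ne 2) {
    Write-Warning "Expected 2 service principals for these URIs, found $($found.Count)."
}
```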