Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
You can integrate Microsoft Defender for Cloud with ServiceNow to centralize security and compliance operations within a single workflow platform. This integration helps security and IT teams work together by creating and syncing tickets, tracking remediation progress, and aligning Defender for Cloud findings with existing IT processes.
The integration supports the following ServiceNow modules:
- IT Service Management (ITSM) – Provides incident management capabilities that let you create, view, and synchronize ServiceNow tickets linked to Defender for Cloud security recommendations.
- Configuration Compliance – Integrates Defender for Cloud’s cloud security posture management (CSPM) findings into ServiceNow’s compliance module, helping you assess and remediate configuration issues across Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and on-premises environments.
For an overview of all supported partner integrations, see Overview of partner integration.
IT Service Management (ITSM)
Use the ITSM integration to create and manage ServiceNow tickets in Microsoft Defender for Cloud. This connection lets you track and remediate security recommendations as part of your organization’s existing incident management workflows.
Defender for Cloud can create or update the following ticket types in ServiceNow:
- Incident – Represents an unplanned interruption or reduction in service quality. Incidents can be created automatically from Defender for Cloud alerts or manually by analysts.
- Problem – Identifies the root cause of recurring incidents to prevent future issues.
- Change – Records planned modifications to IT services or infrastructure that are initiated as part of remediation activities.
Bidirectional synchronization
Defender for Cloud synchronizes with ServiceNow bidirectionally, keeping changes in both systems aligned. When enabled, Defender for Cloud automatically creates and updates incidents, problems, and change tickets in ServiceNow, and syncs any changes made in ServiceNow back to Defender for Cloud.
Note
This synchronization applies to the ITSM module only and runs every 24 hours.
Configuration Compliance module
The ServiceNow Configuration Compliance module integrates with Microsoft Defender for Cloud to unify compliance management across on-premises and multicloud environments. Use this integration to import Cloud Security Posture Management (CSPM) findings from Defender for Cloud into ServiceNow. Compliance teams can then track, prioritize, and fix issues in the ServiceNow portal.
By centralizing cloud configuration findings in ServiceNow, your organization can:
- Gain a single view of compliance across Azure, AWS, and Google Cloud.
- Automate ticketing and remediation workflows for compliance deviations.
- Improve visibility and reduce risk with real-time compliance insights.
Requirements
To set up this integration, make sure you:
In Azure:
- Have an active Azure subscription with Defender for Cloud onboarded.
- Enable Defender CSPM or Foundational CSPM on the target environments.
In ServiceNow:
- Have an application registry configured.
- Enable the ServiceNow Configuration Compliance module.
- Enable and configure the Microsoft Defender for Cloud integration in ServiceNow.