Microsoft Sentinel Blog

Microsoft Sentinel: Public preview of Microsoft Defender for Cloud to Defender XDR integration

skochavi (Microsoft)
Nov 27, 2023

At Ignite 2023 we announced the Public Preview of Microsoft Defender for Cloud integration into Microsoft Defender XDR. As a Microsoft Sentinel customer, you can benefit from this integration in your own workspaces by using the Defender XDR Incidents and Alerts connector, which simplifies attack detection by streaming merged detections from various sources. Security teams can now have visibility across all their cloud resources, devices and identities.

 

To take advantage of this integration and synchronize their entire collection of subscriptions with their tenant-based Defender for Cloud incidents, we recommend that customers:

  • Install or update the Microsoft Defender for Cloud connector to version 3.0 from Content Hub, and connect the Tenant-based Microsoft Defender for Cloud (Preview) connector to synchronize the entire collection of subscriptions with the incidents.
  • Disconnect the legacy subscription-based Microsoft Defender for Cloud connector to prevent duplicate incidents.
  • If you have previously enabled Analytics rules (scheduled or MS creation rules) to create incidents, you are encouraged to disable them.
  • If the incidents connector is already enabled, and you do not want to consume alerts from the entire collection and wish to continue with the subscription-based connector, you can opt out of the integration from the Defender XDR portal.
  • If the incidents connector is not enabled, you can still bring in your tenant-based Microsoft Defender for Cloud alerts from your entire collection of subscriptions.

 

Further information can be found on the Microsoft Sentinel What's New page.

 

Additional Resources: 

Microsoft is committed to empowering our customers with modern security tools and platforms to enable critical protection for their organization and users. See additional resources below and learn more about exciting announcements at Ignite.   


Updated Nov 29, 2023
Version 2.0

7 Comments

  • laraib-khan
    Brass Contributor

    The new 3.0 version and tenant-based connector are now visible in euwest. :stareyes:

     

  • Clive_Watson
    Bronze Contributor

    Correct, it's not in UK South/West yet (just checked), but it is in West Europe.

  • Brok3NSpear
    Brass Contributor

    Clive_Watson  Ah, thank you for pointing that out with regard to the Sentinel Integration part.

    With regards to the Defender to Cloud into Defender XDR, I guess that the update to 3.0 in Content Hub will show soon (UK Based), as I can only currently see the 2.0.1 version.


  • Clive_Watson
    Bronze Contributor

    This preview (as per the post) is for Defender to Cloud into Defender XDR.  Defender XDR to Microsoft Sentinel is another preview (invite only AFAIK).

  • Brok3NSpear
    Brass Contributor

    Have completed all the above, but still can't see any changes as yet. Note that I have only given it 20 mins (logged out and in), so it may be that it takes a while to eventually show.

    I have Preview Features enabled.

    One thing though that I don't seem to have as yet is the banner that is supposed to show in Defender when on the Home screen.

    It was via the Microsoft Mechanics video here

    This is supposed to show for actually connecting your Sentinel to MS Defender XDR portal, correct? If the banner isn't showing, is there another way to trigger this?


  • laraib-khan
    Brass Contributor

    I don't see an update in the content hub for Defender for Cloud data connector yet.