Forum Discussion
Lack of Events from DCs - Prevent Rules
A recent deployment of Sentinel has me scratching my head around Windows events originating from on-prem Domain Controllers protected with Microsoft Defender for Identity. We plugged in the Sentinel...
You can use the Microsoft 365 Defender connector to sentinel
https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-365-defender
However, keep in mind that the Microsoft defender for identity activity tables (from advanced hunting) are not yet available as part of that connector and will be added at a later stage
https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-365-defender
However, keep in mind that the Microsoft defender for identity activity tables (from advanced hunting) are not yet available as part of that connector and will be added at a later stage