Forum Discussion
Dean_Gross
Dec 08, 2022
Silver Contributor
MDI Health Alerts - Send to Sentinel
What is the best way to ensure that MDI health alerts like "Directory Services Advanced Auditing is not enabled" show as an alert in Sentinel?
Martin_Schvartzman
Microsoft
Dec 15, 2022
There is no direct pipe for the health alerts to Sentinel.
As GershonLevitz-MSFT suggested in the Teams channel, you could use the syslog capability in MDI to get them into a server in your environment and then forward them to Sentinel using the log analytics agent. See Connect Syslog data to Microsoft Sentinel | Microsoft Learn
- Dean_Gross
Dec 15, 2022
Silver Contributor
Thanks for the workaround. Are there any plans to add this basic functionality? I don't think that we should have to do extra work like this after we have already configured the sensors, and since the health data is already visible in M365 Security center.
- Martin_Schvartzman
Dec 18, 2022
Microsoft
Yes. Native forwarding of the MDI health alerts to Sentinel is being evaluated.
- Dean_Gross
Jan 02, 2023
Silver Contributor
FYI, for anyone else interested in this topic, an approach is described here https://cloudbrothers.info/en/integrate-mdi-health-alerts-microsoft-sentinel/