Bi-directional sync missing in Defender for Cloud (Tenant-Based) connector in Sentinel?

You’ve raised some really valid points here. From what I’ve seen in the rollout notes, the bi-directional sync feature for the Defender for Cloud (Tenant-Based) connector in Sentinel is still being deployed gradually across tenants and regions, so it’s not unusual that the toggle doesn’t appear everywhere yet.

A couple of things worth checking:

Permissions – Ensure you’re using an account with both Security Admin / Security Reader and Sentinel Contributor rights. Limited permissions can sometimes hide connector settings.

Region / Workspace type – Some features roll out to specific regions or workspace SKUs first before reaching all tenants globally.

Connector refresh – Removing and re-adding the connector may help, but in most cases it’s just a matter of waiting for the backend deployment to complete.

If it’s already listed as GA, then yes, it should eventually appear across all subscriptions without extra steps. At this point, I’d suggest monitoring the Azure Updates page or the Sentinel release notes to track the rollout status. If you still don’t see the option after a while, opening a support ticket with Microsoft might clarify whether your tenant is included in the current wave.

In short: it’s most likely a phased deployment, not a misconfiguration on your side.

I have the same issue, how did you fix?

Hi Surya,

Thank you for clarifying about the tenant-based Defender for Cloud connector and confirming why the bi-directional sync toggle is not available. Your explanation really helped us set the right expectations with our team.

Appreciate your support! 🙏

Best regards,
Hidaytulla Sk

hi Lucifier0786​ check below

Is Bi-Directional Sync Rolled Out for Tenant-Based Connector? Not yet. The Tenant-Based Defender for Cloud connector remains in Preview, and currently, does not support bi-directional sync. This feature exists only for the Subscription-based connector. The tenant connector simply forwards alerts; it does not sync incident status back and forth.

Requirements for Bi-Directional Sync (Subscription-Based Connector Only)

If you were using the Legacy Subscription-based connector, here's what you'd need to enable bi-directional sync:

• Permissions: Contributor or Security Admin on the subscription.
• Defender for Cloud plans enabled on that subscription.
• Registered Resource Provider: SecurityInsights must be registered.

Should It Be Visible by Default if GA?

If it were GA and fully supported in the tenant-based connector, yes—you’d expect to see the Bi-directional sync toggle across subscriptions once it’s enabled. But since it’s not yet supported, seeing it absent is expected.

Do You Need to Re-add the Connector or Just Wait?

No need to tear down your connector. The absence of the sync option isn't due to misconfiguration—rather, it's a feature limitation. You can continue using the tenant-based connector for alert ingestion today. When (or if) Microsoft releases bi-directional support for it, it should appear automatically. Until then, there's no action required on your part.

What You Can Do Now

• Continue using the tenant-based connector for streamlined alert ingestion across subscriptions.
• If you need bi-directional incident/status sync, consider using the Subscription-based connector, configured with proper permissions and Defender plans.
• Monitor Microsoft docs for updates in the Tenant-based connector—if or when bi-directional sync is rolled out, you should see the option appear automatically.

In short: Your behavior is expected. The Tenant-based connector doesn’t support bi-directional sync yet. If you need that functionality today, you’ll have to rely on the Subscription-based connector.