Forum Discussion
Bi-directional sync missing in Defender for Cloud (Tenant-Based) connector in Sentinel?
Hi Lucifier0786, check below.
Is Bi-Directional Sync Rolled Out for Tenant-Based Connector?
Not yet. The Tenant-Based Defender for Cloud connector remains in Preview, and currently does not support bi-directional sync. This feature exists only for the Subscription-based connector. The tenant connector simply forwards alerts; it does not sync incident status back and forth.
Requirements for Bi-Directional Sync (Subscription-Based Connector Only)
If you were using the Legacy Subscription-based connector, here's what you'd need to enable bi-directional sync:
- Permissions: Contributor or Security Admin on the subscription.
- Defender for Cloud plans enabled on that subscription.
- Registered Resource Provider: SecurityInsights must be registered.
Should It Be Visible by Default if GA?
If it were GA and fully supported in the tenant-based connector, yes—you’d expect to see the Bi-directional sync toggle across subscriptions once it’s enabled. But since it’s not yet supported, seeing it absent is expected.
Do You Need to Re-add the Connector or Just Wait?
No need to tear down your connector. The absence of the sync option isn't due to misconfiguration—rather, it's a feature limitation. You can continue using the tenant-based connector for alert ingestion today. When (or if) Microsoft releases bi-directional support for it, it should appear automatically. Until then, there's no action required on your part.
| Your questions | Answer |
| --- | --- |
| Is bi-directional sync rolled out for tenant-based? | No. Still in Preview without sync capability. |
| Requirements for it to show? | Not applicable—feature not supported yet. |
| If GA, visible by default? | Yes, but not yet GA for tenant-based. |
| Need to re-add connector? | No, just use it as-is. Feature isn't there yet. |
What You Can Do Now
- Continue using the tenant-based connector for streamlined alert ingestion across subscriptions.
- If you need bi-directional incident/status sync, consider using the Subscription-based connector, configured with proper permissions and Defender plans.
- Monitor Microsoft docs for updates in the Tenant-based connector—if or when bi-directional sync is rolled out, you should see the option appear automatically.
In short: Your behavior is expected. The Tenant-based connector doesn’t support bi-directional sync yet. If you need that functionality today, you’ll have to rely on the Subscription-based connector.