Forum Discussion
Microsoft 365 Defender for Business logs into Microsoft Sentinel
Hi Community,
One of our customers raised the below query:
Is there a way we can include Microsoft 365 Defender for Business logs into Microsoft Sentinel? Do we have any connectors?
Any pointers would be of great help.
Thanks!
- Hi! At this moment, that's not possible and it's not on the roadmap apparently - according to Microsoft.
Answer by Microsoft:
"Regarding your original question relates to the connector for M365 Defender for Business to include logs to Microsoft Sentinel we don’t see anything in the M365 Roadmap portal. "
However, it's still possible to ingest all Defender for Business data by using the Defender for Endpoint connector. The catch: you need a Defender for Endpoint/E3/E5 license, to make the connector available. So if you get 1 license, theoretically, you're able to do it. I'm not sure what Microsoft thinks about this.. (are you still compliant with licensing in that case?)
Jeffrey Appel has a great blog on this > Google: Jeffrey Appel Defender for Business.
