Forum Discussion
Sentinel incident synchronization
Hi there,
Do you have any feedback or experience about incident synchronization for fields such as "Assigned to", "Tags", and so on? According to the MS Docs, only status is synchronized, but I feel like the sync of other fields is essential.
Example 1
For instance, I saw environments where people developed an Azure function to programmatically tag incidents with region tags (e.g. emea, us, euw, etc.) within the M365 Security portal based on their evidence, i.e. if a piece of evidence is email address removed for privacy reasons, it would be tagged with 'US'. But as you know this tag does not replicate to Microsoft Sentinel, and configuring the same kind of thing on the Sentinel side is much more complicated, or it is not a very proper way to do it.
Example 2
When assigning incidents to people, I think synchronization should be done. I understand that one solution rather than another should be used, but depending on people's role in the company, they won't use both solutions (although they maybe should). If you take a CISO, they probably only use the M365 Security portal, but if the technical team uses Sentinel only and assigns incidents to each other in Sentinel, the CISO won't see any of the assignments.
It might sound like a detail, but I have received feedback from multiple customers that have the full MS security stack, and they really wonder how to handle things with that lack of sync. Anyway, if you have ever faced the same kind of need, feel free to share your experience!