Forum Discussion
Microsoft 365 Defender integration with Azure Sentinel
Hi, I understand that this feature is currently in preview, integrating the entire Defender 365 Suite into Sentinel and supporting bi-directionally sync. Prior to this, my understanding was to rout...
Hi AmjadGov
I cannot answer all of your questions, but I can answer the second one. All M365 Defender Alerts and Incidents logs are free when ingested into Sentinel. If you need a more detailed view you can find it here: https://docs.microsoft.com/en-us/azure/sentinel/azure-sentinel-billing#free-data-sources
Regards A
Hi andersk and thank you for your reply. I was already aware of "All M365 Defender Alerts and Incidents logs are free when ingested into Sentinel", but thanks for the link you supplied, I missed that one, it answers the question on MCAS, which has now be renamed to MS Defender for Cloud Apps, although MS mention security alerts are free, the Shadow IT reporting is Paid for feature. We also get some benefits as we use E5 licensing: https://azure.microsoft.com/en-us/offers/sentinel-microsoft-365-offer/ which should be extending further. I think as it stands, once the new connector comes out of preview for Defender for Cloud Apps, it would be better to only use the free features on alerting to utilise Sentinel, but anything paid for, to then stay in D for Cloud Apps in order to maximise benefits on costing, until MS clarify this in detail.
Cheers
Amjad
Cheers
Amjad