Forum Discussion

Thiago-Beier's avatar
Thiago-Beier
Brass Contributor
Feb 08, 2024

Microsoft XDR and defender endpoint to Sentinel

Hi everyone

I have a lab environment

01 CDX tenant MDE trial 90-day https://cdx.transform.microsoft.com/

- MDE licensed and devices onboarded

01 Azure subscription ($200/month) from my MCT subscription

-Sentinel enabled here

-Azure arc enabled here

 

I'm trying to forward/connect 01 CDX tenant MDE XDR and endpoint to Sentinel (MCT subscription)

Tried the following articles

https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration

Where at this one IExplorer breaks 

Fetch Microsoft Defender XDR incidents | Microsoft Learn

Error Code: INET_E_CANNOT_CONNECT

any thoughts?

 

 

thanks in advance.

Thiago B.

 

 

  • G_Wilson3468's avatar
    G_Wilson3468
    Iron Contributor

    Thiago-Beier 

    I would try a couple of things. First, try flushing your DNS and try again. If that does not work, rename the connections folder in the Windows registry. "HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/<version>/Internet Settings"

    You can also try changing your DNS server. 

     

    Hope this helps.

      • rutgersmeets's avatar
        rutgersmeets
        Brass Contributor

        Hi Thiago-Beier,

         

        Is this the trial that you are using? https://developer.microsoft.com/en-us/microsoft-365/dev-program

         

        Last time I used this, I noticed that Advanced Hunting in Defender for Endpoint was unavailable. This is pure speculation, but I think that this feature is expressly disabled for the Developer trial as the cost would be significant and not many developers would make use of it.

         

        Have you considered signing up for a Defender for Endpoint P2 trial license via admin.microsoft.com in the tenant where your MCT subscription resides? Or in a new tenant, if cross-tenant log ingestion is what you are trying to achieve?

         

        Kind regards,

        Rutger

Resources