Forum Discussion
Thiago-Beier
Feb 08, 2024 · MCT
Microsoft XDR and defender endpoint to Sentinel
Hi everyone, I have a lab environment: 01 CDX tenant, MDE trial 90-day https://cdx.transform.microsoft.com/ - MDE licensed and devices onboarded; 01 Azure subscription ($200/month) from my MCT subscr...
Thiago-Beier
Feb 08, 2024 · MCT
I was able to complete https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration, waited 1 hour, re-ran it and it worked, got the tokens. However, on the Sentinel side nothing changes; it's like the Sentinel (Azure subs #2) has no awareness of the MDE from the M365 tenant (which is not the same Entra ID), as in the diagram added.
rutgersmeets
Feb 09, 2024 · Brass Contributor
Hi Thiago-Beier,
Is this the trial that you are using? https://developer.microsoft.com/en-us/microsoft-365/dev-program
Last time I used this, I noticed that Advanced Hunting in Defender for Endpoint was unavailable. This is pure speculation, but I think that this feature is expressly disabled for the Developer trial as the cost would be significant and not many developers would make use of it.
Have you considered signing up for a Defender for Endpoint P2 trial license via admin.microsoft.com in the tenant where your MCT subscription resides? Or in a new tenant, if cross-tenant log ingestion is what you are trying to achieve?
Kind regards,
Rutger