according to the documentation here: Microsoft 365 Defender integration with Microsoft Sentinel | Microsoft Learn
To avoid duplicates in incident creation, it's recommended to "turn off all Microsoft incident creation rules for Microsoft 365 Defender-integrated products".
Does that mean the Analytics rules shown in the image?
Am I correct in this assumption? With those disabled(and the M365 Defender connector enabled), I'll get the incidents coming from all products through M365 Defender and not miss anything without getting duplicates?
Thank you in advance.