cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more
SOLVED

Avoiding duplicates in Sentinel when connecting M365 Defender

Andres_Iniesta
Occasional Contributor

‎Feb 20 2023 03:29 AM

‎Feb 20 2023 03:29 AM

Avoiding duplicates in Sentinel when connecting M365 Defender

Hi,

according to the documentation here: Microsoft 365 Defender integration with Microsoft Sentinel | Microsoft Learn

To avoid duplicates in incident creation, it's recommended to "turn off all Microsoft incident creation rules for Microsoft 365 Defender-integrated products".

Does that mean the Analytics rules shown in the image?

defender_rules.JPG

Am I correct in this assumption? With those disabled(and the M365 Defender connector enabled), I'll get the incidents coming from all products through M365 Defender and not miss anything without getting duplicates?

 

Thank you in advance.

Andrés.

242 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Andres_Iniesta (Occasional Contributor)
Heike Ritter

‎Feb 22 2023 11:15 AM

‎Feb 22 2023 11:15 AM

Solution

Re: Avoiding duplicates in Sentinel when connecting M365 Defender

Hello!

From your question and your answers, you got it right :)
0 Likes
Reply