Harness the breadth and depth of integrated SIEM and XDR with new Microsoft 365 integration
Now in public preview, Microsoft 365 Defender incidents are fully integrated with Azure Sentinel, providing a seamless experience for responding to security threats. Incidents from Microsoft 365 Defender, including all associated alerts, entities, and relevant information, can be streamed to Azure Sentinel, providing you with enough context to perform triage in Azure Sentinel and get the out of the box incident correlation from Microsoft 365 Defender. Once in Sentinel, Incidents will remain bi-directionally synced with Microsoft 365 Defender, allowing you to take advantage of the benefits of both portals in your incident investigation and response process.
Read the full blog here
Further reading
- Our Ignite session, featuring a demo of this integration in action
- Documentation with detailed information on the integration, common use cases and limitations.
- Documentation on how to connect Microsoft 365 Defender incidents and raw data to Azure Sentinel.
- Documentation on Microsoft 365 Defender.