Azure Sentinel and Microsoft 365 Defender incident integration

Published Mar 14 2021 03:20 AM
Microsoft

Harness the breadth and depth of integrated SIEM and XDR with new Microsoft 365 integration


Now in public preview, Microsoft 365 Defender incidents are fully integrated with Azure Sentinel, providing a seamless experience for responding to security threats. Incidents from Microsoft 365 Defender, including all associated alerts, entities, and relevant information, can be streamed to Azure Sentinel, giving you enough context to perform triage in Azure Sentinel while keeping the out-of-the-box incident correlation that Microsoft 365 Defender already performs. Once in Sentinel, incidents remain bi-directionally synced with Microsoft 365 Defender, so a change made in either portal is reflected in the other and you can take advantage of the benefits of both portals in your incident investigation and response process.

Read the full blog here

Further reading

  • Our Ignite session, featuring a demo of this integration in action
  • Documentation with detailed information on the integration, common use cases and limitations.
  • Documentation on how to connect Microsoft 365 Defender incidents and raw data to Azure Sentinel.
  • Documentation on Microsoft 365 Defender.
