
Manage security alerts in Microsoft 365 Security Center (MTP), Sentinel or separately?


I am having some questions and would like to receive opinions that can contribute.

I have the solutions in my environment and I'm in doubt about how to centralize everything.

I have Azure Sentinel receiving the Defender ATP, MCAS, Azure ATP, Office 365 ATP logs, among others.

I also have MCAS integrated with Azure ATP.

The question is: where should all technologies be centralized?

That is, if I use Microsoft 365 Security Center to centralize Defender ATP, Azure ATP, MCAS and Office ATP, does it still make sense to receive these logs in Sentinel?

Would it be possible to integrate alerts generated in Sentinel with Microsoft 365 Security Center?

If I receive the solution logs in Sentinel, what would be the meaning of Microsoft 365 Security Center? Can I work with both, centralizing the solutions in both?

I know that there may not be a final answer, but I would be happy to get your position.

Thank you.

4 Replies
In general MTP is used for a single pane of glass of all MS365 alerts. If you have Sentinel, Sentinel is your single pane of glass.
MTP isn't useless if you have Sentinel. MTP does a lot of correlation between alerts built-in and adds intelligence of its own.

@Thijs Lecomte

In my environment I have 4 technologies that generate alerts in M365SC. These same technologies open up offenses in the sentinel as well. The question is, does it make sense to open the same offenses in both tools? Or would it be interesting to centralize these 4 only on the M365SC and leave Sentinel for other technologies and third-party technologies?

I would use Sentinel for both first- and third-party products. This way you have an overview of the alerts. Investigation can be done in MTP.

@luizao_lf some big improvements are coming very soon that will help to synchronize the status indicators between the various portals, i.e., closing in one portal will close in multiple places.