Forum Discussion
Defender for Identity - Streaming of events possible?
Hello! In Defender for Endpoint events can be forwarded through Azure Event hubs or Azure storage (see link). How do I archieve the same functionality through Defender for Identity? Particular I...
- This feature has been added by MS officially two years later.
Blog post: https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/microsoft-365-defender-streaming-api-identity-and-cloudapp/ba-p/3290516
Or Tsemah
Microsoft
MicrosoftHi Bill,
All Defender for Identity activities are available in the M365D advanced hunting feature
And will be made available to stream via its API capabilities
*Note, the APIs are currently being evaluated so some functionality might be missing
You can also export Defender for Identity via MCAS SIEM connector
Or Tsemah- Thanks for your answer! MCAS connector for Defender for Identity does not print all raw events. But the other API you mentioned... Streaming API for Advanced Hunting. Thats the solution to get access to it (or kinda every raw data if needed). Did not really think of it that way 🙂 Thank you for your reply!
