Microsoft Tech Community

Adding custom Threat Intelligence feeds to M365 Defender

Are there any methods for adding TI feeds to M365 like we can do for Azure Sentinel?

1 Reply
Hi Dean,

Yes, it is also possible for MDE (Microsoft Defender for Endpoint) within the M365 portal > Settings > Endpoints > Indicators.

You can submit file hashes, IP addresses, URLs/domains and certificates.
You can upload a CSV file or (what I prefer) post them via the Graph API.

This documentation should get you going using the Graph API to upload indicators.
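
As an added illustration of the Graph API route the reply mentions (not code from the thread or from Microsoft), the sketch below turns a custom feed into a bulk indicator request body and rejects malformed rows before anything is submitted. It assumes the Graph security `tiIndicator` field names; the feed layout, the function names and the defaults (alert-only, 30-day expiry) are hypothetical.

```python
import csv, io, ipaddress, string
from datetime import datetime, timedelta, timezone

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
# Constructed sample feed (placeholder values, not real indicators).
SAMPLE_FEED = (
    "type,value,description\n"
    f"sha256,{'AB' * 32},constructed sample hash\n"
    "ip,203.0.113.10,constructed sample IP\n"
    "domain,Feed-Test.example,constructed sample domain\n"
    "url,https://feed-test.example/login,constructed sample URL\n"
    "ip,not-an-ip,malformed row\n"
)

def to_indicator(kind, value, description, now, days_valid=30):
    # Assumption: field names follow the Graph security tiIndicator resource.
    kind, value = kind.strip().lower(), value.strip()
    body = {
        "action": "alert",  # assumption: alert-only until the feed is vetted
        "description": description.strip(),
        "expirationDateTime": (now + timedelta(days=days_valid)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "targetProduct": "Microsoft Defender ATP",
        "threatType": "WatchList",
        "tlpLevel": "amber",
    }
    if kind in HASH_LEN:
        if len(value) != HASH_LEN[kind] or set(value) - set(string.hexdigits):
            raise ValueError(f"bad {kind} hash")
        body.update(fileHashType=kind, fileHashValue=value.lower())
    elif kind == "ip":
        ip = ipaddress.ip_address(value)  # raises ValueError on junk input
        body[f"networkDestinationIPv{ip.version}"] = str(ip)
    elif kind == "domain":
        body["domainName"] = value.lower()
    elif kind == "url" and value.lower().startswith(("http://", "https://")):
        body["url"] = value
    else:
        raise ValueError(f"unsupported or malformed {kind!r} entry")
    return body

def build_batch(feed_text, now=None):
    # Returns (JSON body for one bulk submission, rows that failed validation).
    now = now or datetime.now(timezone.utc)
    good, rejected = [], []
    for row in csv.DictReader(io.StringIO(feed_text)):
        try:
            good.append(to_indicator(row["type"], row["value"], row["description"], now))
        except ValueError as exc:
            rejected.append((row["value"], str(exc)))
    return {"value": good}, rejected
```

The returned body is shaped for a POST to the Graph `security/tiIndicators/submitTiIndicators` action (an assumption here, since the thread does not name the endpoint), sent with an app token that has indicator write permission. Reviewing the rejected rows before submission keeps a broken feed from silently dropping coverage.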