Sep 15 2020 01:34 PM - edited Sep 15 2020 01:43 PM
I have some questions and would like to receive opinions that can contribute.
I have the solutions in my environment and I'm in doubt about how to centralize everything.
I have Azure Sentinel receiving the Defender ATP, MCASB, Azure ATP, Office 365 ATP logs, among others.
I also have MCAS integrated with Azure ATP.
The question is: where should all technologies be centralized?
That is, if I use Microsoft 365 Security Center to centralize Defender ATP, Azure ATP, MCAS and Office ATP, does it still make sense to receive these logs in Sentinel?
Would it be possible to integrate alerts generated in Sentinel with Microsoft 365 Security Center?
If I receive the solution logs on Sentinel, what would be the meaning of Microsoft 365 Security Center? Can I work with both, centralizing the solutions in both?
I know that there may not be a final answer, but I would be happy to get your position.
Thank you.
Sep 17 2020 12:40 AM
Sep 17 2020 09:29 AM
In my environment I have 4 technologies that generate alerts in M365SC. These same technologies open up offenses in Sentinel as well. The question is, does it make sense to open the same offenses in both tools? Or would it be interesting to centralize these 4 only on the M365SC and leave Sentinel for other technologies and third-party technologies?
Sep 17 2020 09:33 AM
Jan 26 2021 11:31 AM
@luizao_lf some big improvements are coming very soon that will help to synchronize the status indicators between the various portals, i.e., closing in one portal will close in multiple places