At Ignite 2023 we announced the Public Preview of Microsoft Defender for Cloud integration into Microsoft Defender XDR. As a Microsoft Sentinel customer, you can benefit from this powerful integration in your own workspaces using the Defender XDR Incidents and Alerts connector, which simplifies attack detection by streaming merged detections from various sources. Security teams can now have visibility across all their cloud resources, devices and identities.
To take advantage of this integration and synchronize their entire collection of subscriptions with their tenant-based Defender for Cloud incidents, we recommend that customers:
Install or update the Microsoft Defender for Cloud connector to version 3.0 from Content Hub and connect the Tenant-based Microsoft Defender for Cloud (Preview) connector to synchronize the entire collection of subscriptions with the incidents.
Disconnect the legacy subscription-based Microsoft Defender for Cloud connector to prevent incident duplications.
If you have previously enabled Analytics rules (scheduled or MS creation rules) to create incidents, you are encouraged to disable them.
If the incidents connector is already enabled and you do not want to consume alerts from the entire collection and wish to continue with the subscription-based connector, you can opt out of the integration from the Defender XDR portal.
If the incidents connector is not enabled, you can still bring your tenant-based Microsoft Defender for Cloud alerts from your entire collection of subscriptions.
Microsoft is committed to empowering our customers with modern security tools and platforms to enable critical protection for their organization and users. See additional resources below and learn more about exciting announcements at Ignite.