Harness the breadth and depth of integrated SIEM and XDR with new Microsoft 365 integration
Building on our promise for a modernized approach to threat protection with integrated SIEM and XDR, we are happy to share a deeper integration between Azure Sentinel and Microsoft 365 Defender, making it easier than ever to harness the breadth of SIEM alongside the depth of XDR.
Now in public preview, Microsoft 365 Defender incidents are fully integrated with Azure Sentinel, providing a seamless experience for responding to security threats. Incidents from M365D (formerly known as Microsoft Threat Protection, or MTP), including all associated alerts, entities, and relevant information, can be streamed to Azure Sentinel, giving you enough context to perform triage in Azure Sentinel. Once in Sentinel, incidents remain bi-directionally synced with M365D, allowing you to take advantage of the benefits of both portals in your incident investigation and response process.
This integration allows you to manage M365D incidents from Azure Sentinel as the primary incident queue across the entire organization, so you can see, and correlate, M365 incidents together with those from all of your other cloud and on-premises systems. At the same time, it allows you to seamlessly leverage the unique strengths and capabilities of M365D for in-depth investigations. M365 Defender enriches and groups alerts from multiple M365 products, both reducing the size of the SOC's incident queue and shortening the time to resolve. The component services that are part of the M365 Defender stack are:
In addition to collecting alerts from these components, M365 Defender generates alerts of its own.
Common use cases and scenarios
Further reading