Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Connecting data from Microsoft 365 Defender to Microsoft Sentinel

Brass Contributor

I understand Microsoft 365 Defender incidents include all their alerts, entities, and other relevant information, and they group together and are enriched by, alerts from Microsoft 365 Defender's component services: Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud Apps etc...

One thing I want to clarify is there ever a need to onboard and connect, each individual related connector as well, such as Microsoft Defender for Endpoint or Microsoft Defender for Identity etc...? 

2 Replies

@Clive_Watson - Don't suppose you are aware of any issues with the Microsoft Defender connector in Sentinel are you? It's worked fine for me since preview but now I get the following error on MDE and M365 Defender connector.

 

natehutch_0-1682374734910.png

 

I came across the following article which suggests its somethign to do with the classic CA policy created when Intune is connected to Defender portal: AADSTS50131: Device is not in required device state: known. Or, the request was blocked due to suspi... - I've seen another MSFT doc suggesting you should NOT delete this policy but instead you can exclude users, any thoughts?