Sep 26 2019 07:59 AM
Sep 26 2019 11:32 AMSolution
Not sure yet. We are exploring this. you can import the data today by using MDATP streaming API -> Event Hub -> Logic App -> Log Analytics.
NOTE: you will incur costs for EH, Logic App, Log A, and Azure Sentinel. So copying all the data might not make sense. It might be better to have a playbook to query MDATP and bring only needed data back to Azure Sentinel.