Microsoft Tech Community

DFe to Azure Sentinel with G5


I am running into an interesting issue. In an attempt to on-board a new client, they are requesting we ingest Defender for Endpoint logs into a Microsoft Sentinel workspace. In the past, leveraging the Data connector, there has been no issue with the ingestion. Simply checking a few boxes and I was home free. This client appears to be leveraging G5 licenses in terms of their Defender for Endpoint coverage.

This is the origin of the issue, I believe. Microsoft Sentinel is not seeing Defender for Endpoint as an active product for this tenant/directory. Is this by design, or is there a workaround to leverage the Streaming API to pipe these logs to the Microsoft Sentinel workspace?
