@Dean Gross I cant speak for Microsoft in regards to this
But best practice in my experience, is to ingest the defender feeds first then shape your Sentinel to a particular architectural model for your environment. i.e. Threat informed defence, this would be based on the capabilities of your SOC or security team.
Ingest only what you require to monitor otherwise there can be typically big cost blow outs and "bill" shock when ingesting data into Sentinel