Microsoft 365 Defender for Business logs into Microsoft Sentinel

Frequent Contributor

Hi Community,

 

One of our customers raised the below query:

 

Is there a way we can include Microsoft 365 Defender for Business logs into Microsoft Sentinel? Do we have any connectors?

 

Any pointers would be of great help.

 

Thanks!

1 Reply
Hi! At this moment, that's not possible and it's not on the roadmap apparently - according to Microsoft.

Answer by Microsoft:
"Regarding your original question relates to the connector for M365 Defender for Business to include logs to Microsoft Sentinel we don’t see anything in the M365 Roadmap portal. "

However, it's still possible to ingest all Defender for Business data by using the Defender for Endpoint connector. The catch: you need a Defender for Endpoint/E3/E5 license, to make the connector available. So if you get 1 license, theoretically, you're able to do it. I'm not sure what Microsoft thinks about this.. (are you still compliant with licensing in that case?)

Jeffrey Appel has a great blog on this > Google: Jeffrey Appel Defender for Business.