What is the difference between the Sentinel connectors Azure Active Directory and AAD Identity Protection?


What is the difference between the Sentinel connectors Azure Active Directory and AAD Identity Protection?


As you can see above, Azure AD also provides logs related to risky users and user risk events. What's the major difference between the two, then?

 

 


 

1 Reply

Hello @Victor1989 ,

 

1. The Azure Active Directory connector allows you to use a more granular way of log ingestion. For example, if you don't have ADFS in your environment, you can simply disable it.

 

2. The AAD Identity Protection connector allows the creation of alerts in Sentinel based on alerts that come from AAD IP.

 

I see that 1 ingests logs into two tables (AADUserRiskEvents and AADRiskyUsers), and 2 ingests logs into the SecurityAlert table. So with 2 you can only see alerts, and with 1 you can see raw logs.