
In this article, we will focus on how to integrate Microsoft Defender XDR with Microsoft Sentinel and perform SIEM activities in one place, the Microsoft Defender portal: https://security.microsoft.com/
This makes it easy to work on Microsoft 365 activities without checking multiple portals. Let’s begin.
Note: If you’re new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series – Microsoft Sentinel Implementation a Deep Dive- Part 1: Workspace Deployment
Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel
Log on to https://portal.azure.com and go to Microsoft Sentinel –> Content Management –> Content hub
Search for Microsoft Defender XDR Data connector

Click on Install

Click on Manage once the installation is complete

Click on Connect Incidents & alerts

Select the activities whose logs should be collected into Sentinel

Click on Apply Changes

Integrate SIEM and XDR in One Place
Go to https://security.microsoft.com/ and click on Connect a Workspace

Select the Sentinel Workspace and Click on Next
Click on Connect

Now it will take a few moments to connect the Microsoft Log Analytics workspace

You can see that it has connected to the workspace without any issues

Validation of the logs and Incidents
Go to https://security.microsoft.com/ –> Advanced Hunting
Click on Start Hunting

Select SigninLogs and click on Run query
You should see the results. If so, the connection succeeded and the SIEM data from Microsoft Sentinel is available in the Microsoft Security Portal itself without any issues

If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security Portal.
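A slightly broader validation query for the Advanced Hunting step above, added here as an example and not part of the original walkthrough. It assumes the workspace also holds the standard Sentinel tables SecurityIncident and SecurityAlert (not named in the article) and reports how recently each table received data:

```kusto
// Added example: ingestion freshness check for the connected Sentinel workspace.
// Assumption: SecurityIncident and SecurityAlert exist alongside SigninLogs.
// isfuzzy=true lets the query run even if one of the tables is not present yet.
union withsource=TableName isfuzzy=true SigninLogs, SecurityIncident, SecurityAlert
| where TimeGenerated > ago(24h)
// One row per table: how many records arrived and when the latest one landed
| summarize Records = count(), LastRecord = max(TimeGenerated) by TableName
| extend MinutesSinceLast = datetime_diff('minute', now(), LastRecord)
| order by MinutesSinceLast asc
```

A table that received nothing in the last 24 hours does not appear in the output at all, so a missing row is the signal to recheck the corresponding data connector.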
Let’s talk about them in the upcoming articles. Until then, Ta ta!!