In this article, we will focus on how to integrate Microsoft Defender XDR and Microsoft Sentinel and perform SIEM activities in one place, the Microsoft Defender portal: https://security.microsoft.com/

It would be great to focus on Microsoft 365 activities and get them done easily without checking multiple portals. Let's begin.

 
 
 

Note: If you're new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series: Microsoft Sentinel Implementation a Deep Dive - Part 1: Workspace Deployment

 

Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel

 

Log on to https://portal.azure.com and go to Microsoft Sentinel –> Content Management –> Content hub

 

Search for the Microsoft Defender XDR data connector

 

Click on Install

 

Click on Manage once the installation has completed

 

Click on Connect Incidents & alerts

 

Select the activities whose logs should be collected for Sentinel

 

Click on Apply Changes

 

Integrate SIEM and XDR in One Place

 

Go to https://security.microsoft.com/ and click on Connect a Workspace

 

Select the Sentinel Workspace and Click on Next

 
 
 

Click on Connect

 

Now it will take a few moments to connect the Microsoft Log Analytics workspace

 

You can see it has connected to the workspace without any issues

 

Validation of the logs and Incidents

 

Go to https://security.microsoft.com/  –> Advanced Hunting

 

Click on Start Hunting

 

Select SigninLogs and click on Run query

 

You can see the results. If that is the case, we have successfully connected the workspace and can use the SIEM, Microsoft Sentinel, in the Microsoft Security Portal itself without any issues

 

If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security Portal.
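
A validation query for the Advanced Hunting step above, as an added example that is not part of the original article: it checks that records reached the connected workspace in the last day and flags tables that have gone quiet. It assumes the workspace contains SigninLogs, SecurityIncident and SecurityAlert; the 60-minute staleness threshold is a constructed value.

```kusto
// Added example: ingestion health check for the connected Sentinel workspace.
// Assumption: SigninLogs, SecurityIncident and SecurityAlert exist in the workspace.
// isfuzzy=true lets the query run even if one of these tables is not present.
let lookback = 1d;
let staleAfter = 60m;   // constructed threshold, tune to your environment
union withsource=SourceTable isfuzzy=true
    SigninLogs,
    SecurityIncident,
    SecurityAlert
| where TimeGenerated > ago(lookback)
// One row per table: how many records arrived and when the newest one was written
| summarize Records = count(), LastRecord = max(TimeGenerated) by SourceTable
| extend Age = now() - LastRecord
| extend Status = iff(Age > staleAfter, "stale", "ok")
| order by SourceTable asc
// A table that is absent from the result had no records in the lookback window.
```

A table that never appears in the output usually means its connector option was not selected or no matching activity has occurred yet.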