In this article, we will focus on how to integrate Microsoft Defender XDR with Microsoft Sentinel and perform SIEM activities in one place, the Microsoft Defender portal: https://security.microsoft.com/
This lets you work on Microsoft 365 activities easily, without checking multiple portals. Let’s begin.
Note: If you’re new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series – Microsoft Sentinel Implementation a Deep Dive – Part 1: Workspace Deployment
Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel
Log on to https://portal.azure.com and go to Microsoft Sentinel –> Content Management –> Content hub
Search for Microsoft Defender XDR Data connector
Click on Install
Click on Manage once the installation has completed
Click on Connect Incidents & alerts
Select the activities whose logs Sentinel should collect
Click on Apply Changes
Integrate SIEM and XDR in One Place
Go to https://security.microsoft.com/ and click on Connect a Workspace
Select the Sentinel workspace and click on Next
Click on Connect
It will take a few moments to connect the Microsoft Log Analytics workspace
You can see that it has connected to the workspace without any issues
Validation of the logs and Incidents
Go to https://security.microsoft.com/ –> Advanced Hunting
Click on Start Hunting
Select SigninLogs and click on Run query
You can see the results. If that is the case, we have successfully connected the SIEM, Microsoft Sentinel, and can use it in the Microsoft Security Portal itself without any issues.
If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security Portal.
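The validation step above can also be run as a single Advanced Hunting query. The query below is an added example, not part of the original walkthrough: it checks SigninLogs (the table queried above) together with SecurityIncident and SecurityAlert, which are assumed here to be filled by the Connect Incidents & alerts setting, and the lookback and maxLag values are assumptions to adjust for your tenant.

```kql
// Added example: ingestion check for the connected Sentinel workspace.
// Assumptions: the three table names below exist in the workspace;
// lookback and maxLag are illustrative values, not recommendations.
let lookback = 24h;   // how far back to look for records
let maxLag = 1h;      // acceptable gap since the newest record
// Tables we expect to see data in after the integration.
let expected = datatable(SourceTable: string)
    ["SigninLogs", "SecurityIncident", "SecurityAlert"];
// isfuzzy=true keeps the query running if one of the tables does not exist yet.
let seen = union withsource=SourceTable isfuzzy=true
        SigninLogs, SecurityIncident, SecurityAlert
    | where TimeGenerated > ago(lookback)
    | summarize Records = count(), LastRecord = max(TimeGenerated) by SourceTable;
// Left outer join so a table with no rows still appears in the result.
expected
| join kind=leftouter seen on SourceTable
| extend Status = case(
    isnull(Records), "no data",
    now() - LastRecord > maxLag, "stale",
    "ok")
| project SourceTable, Records, LastRecord, Status
| order by SourceTable asc
```

A "stale" row for SecurityIncident or SecurityAlert can simply mean that nothing has fired recently, while "no data" for SigninLogs means the sign-in logs are not reaching the workspace.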
Let’s talk about them in the upcoming articles. Until then, Ta ta!!