
How to Integrate Microsoft Defender XDR with Microsoft Sentinel to get SIEM and XDR in one place

By Radhakrishnan Govindan

In this article, we focus on how to integrate Microsoft Defender XDR with Microsoft Sentinel and perform SIEM activities in one place, the Microsoft Defender portal: https://security.microsoft.com/


It would be great to focus on Microsoft 365 activities and get them done easily without checking multiple portals. Let's begin.


Note: If you're new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series, "Microsoft Sentinel Implementation a Deep Dive - Part 1: Workspace Deployment".

Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel

Log on to https://portal.azure.com and go to Microsoft Sentinel --> Content Management --> Content hub

Search for the Microsoft Defender XDR data connector


Click on Install


Click on Manage once the installation has completed


Click on Connect Incidents & alerts


Select the activities whose logs Sentinel should collect


Click on Apply Changes


Integrate SIEM and XDR in One Place

Go to https://security.microsoft.com/ and click on Connect a Workspace


Select the Sentinel workspace and click on Next

Click on Connect


Now it will take a few moments to connect the Microsoft Log Analytics workspace


You can see that it has connected to the workspace without any issues.


Validation of the logs and Incidents

Go to https://security.microsoft.com/ --> Advanced Hunting

Click on Start Hunting


Select SigninLogs and click on Run query

You can see the results. If results appear, the workspace is connected and we can use the SIEM, Microsoft Sentinel, from the Microsoft Security Portal itself without any issues.


If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security Portal.
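The validation step above can be made repeatable with a single Advanced Hunting query that reports, per table, how many records arrived recently and when the last one landed. This is an added example, not part of the original article; the table list (SigninLogs, SecurityIncident, SecurityAlert) and the 24h/1h thresholds are assumptions to adjust to the data types selected in the connector.

```kusto
// Added example: ingestion freshness check after connecting the workspace.
// Assumptions: the three tables below are the ones you expect to be populated,
// and the lookback/stale thresholds suit your tenant's activity level.
let lookback = 24h;
let staleAfter = 1h;
// Tables we expect to see; listed explicitly so that empty ones still show up.
let expected = datatable(TableName: string)
    ["SigninLogs", "SecurityIncident", "SecurityAlert"];
// isfuzzy=true keeps the query running if one of the tables does not exist yet.
let observed =
    union isfuzzy=true withsource=TableName SigninLogs, SecurityIncident, SecurityAlert
    | where TimeGenerated > ago(lookback)
    | summarize Records = count(), LastRecord = max(TimeGenerated) by TableName;
expected
| join kind=leftouter observed on TableName
| extend Status = case(
    isnull(LastRecord), "no data in lookback window",
    LastRecord < ago(staleAfter), "stale",
    "ok")
| project TableName, Records, LastRecord, Status
| order by TableName asc
```

An empty SecurityIncident or SecurityAlert row does not by itself mean the connector is broken, since those tables only receive records when incidents or alerts are raised; a SigninLogs row with no data during normal working hours is the stronger signal to recheck the connection.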


Let's talk about them in the upcoming articles. Until then, Ta ta!!
