top of page

How to Integrate Microsoft Defender XDR with Microsoft Sentinel to get SIEM and XDR in one place

In this article, we will focus on how to Integrate Microsoft Defender XDR and Microsoft Sentinel and perform SIEM Activities in one place on Microsoft Defender Portal - https://security.microsoft.com/


It would be great to focus on Microsoft 365 Activities and get it done easily without checking multiple portals. Let's begin,


Note: If you're new to Microsoft Sentinel and would like to learn how to deploy Microsoft Sentinel - Refer to previous Multi-part article series - Microsoft Sentinel Implementation a Deep Dive- Part 1: Workspace Deployment

Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel

Log on to https://portal.azure.com and go to Microsoft Sentinel --> Content Management --> Content hub

Search for Microsoft Defender XDR Data connector

SIEM-1

Click on Install

SIEM-2

Click on Manage once the installation completed

SIEM-3

Click on Connect Incidents & alerts

SIEM-4

Select the activities to collect the logs for Sentinel

SIEM-5

Click on Apply Changes

SIEM-22

Ingrate SIEM and XDR in One Place

Go to https://security.microsoft.com/ and click on Connect a Workspace

SIEM-7

Select the Sentinel Workspace and Click on Next

Click on Connect

SIEM-10

Now it will take a few moments to connect the Microsoft Log Analytics workspace

SIEM-11

you can see it has connected to the workspace without any issues

SIEM-13

Validation of the logs and Incidents

Go to https://security.microsoft.com/  --> Advanced Hunting

Click on Start Hunting

SIEM-16

Select signinLogs and click on Run query

you can see the results. if that is the case, we have successfully connected and able to get it SIEM: Microsoft Sentinel in the Microsoft Security Portal itself without any issues

SIEM-19

if any incidents occur for Microsoft 365, it will be shown in the Microsoft Security Portal.


Let's talk about them in the upcoming articles. Until then, Ta ta!!

bottom of page