
How to Integrate Microsoft Defender XDR with Microsoft Sentinel to get SIEM and XDR in one place

In this article, we will focus on how to integrate Microsoft Defender XDR with Microsoft Sentinel and perform SIEM activities in one place, on the Microsoft Defender Portal.

This lets you focus on Microsoft 365 activities and handle them easily without checking multiple portals. Let's begin.

Note: If you're new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series: Microsoft Sentinel Implementation a Deep Dive - Part 1: Workspace Deployment

Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel

Log on to and go to Microsoft Sentinel --> Content Management --> Content hub

Search for Microsoft Defender XDR Data connector


Click on Install


Click on Manage once the installation has completed


Click on Connect Incidents & alerts


Select the activities to collect the logs for Sentinel


Click on Apply Changes


Integrate SIEM and XDR in One Place

Go to and click on Connect a Workspace


Select the Sentinel Workspace and click on Next

Click on Connect


Now it will take a few moments to connect the Microsoft Log Analytics workspace


You can see it has connected to the workspace without any issues


Validation of the logs and Incidents

Go to  --> Advanced Hunting

Click on Start Hunting


Select signinLogs and click on Run query

You can see the results. If that is the case, we have successfully connected the workspace and can now use the SIEM, Microsoft Sentinel, in the Microsoft Security Portal itself without any issues.


If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security Portal.
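For a validation that goes beyond eyeballing one table, the following KQL query can be pasted into Advanced Hunting. It is an added example, not part of the original walkthrough, and it goes a step further than the SigninLogs check by also covering the SecurityIncident and SecurityAlert tables that Sentinel fills once incidents and alerts are connected. The 24-hour lookback and 6-hour staleness threshold are assumptions to adjust for your tenant.

```kusto
// Added example: ingestion health check for the connected workspace.
// Assumed values (tune for your environment):
let lookback = 24h;      // how far back to look for records
let staleAfter = 6h;     // newest record older than this => "stale"
// Tables expected to receive data after the steps in this article.
let expected = datatable(TableName: string)
    ["SigninLogs", "SecurityIncident", "SecurityAlert"];
// isfuzzy=true keeps the query running even if one table does not exist yet.
let seen =
    union withsource=TableName isfuzzy=true SigninLogs, SecurityIncident, SecurityAlert
    | where TimeGenerated > ago(lookback)
    | summarize Records = count(), LastRecord = max(TimeGenerated) by TableName;
// Left outer join so tables with no data still show up in the result.
expected
| join kind=leftouter seen on TableName
| extend Status = case(
    isnull(LastRecord), "no data",
    now() - LastRecord > staleAfter, "stale",
    "ok")
| project TableName, Records = coalesce(Records, 0), LastRecord, Status
| order by TableName asc
```

A "no data" row for SecurityIncident or SecurityAlert on a quiet tenant only means nothing fired in the lookback window; a "no data" or "stale" row for SigninLogs is the one to investigate first.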

Let's talk about them in the upcoming articles. Until then, Ta ta!!
