You're reading from Mastering Microsoft 365 Defender Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats

Product type Paperback

Published in Jul 2023

Publisher Packt

ISBN-13 9781803241708

Length 572 pages

Edition 1st Edition

Tools

Office 365

Concepts

Cybersecurity

Authors (2):

Ru Campbell

Viktor Hedberg

View More author details

Table of Contents (33) Chapters

Preface

1. Part 1: Cyber Threats and Microsoft 365 Defender

2. Chapter 1: Microsoft and Modern Cybersecurity Threats FREE CHAPTER

3. Chapter 2: Microsoft 365 Defender: The Big Picture

4. Part 2: Microsoft Defender for Endpoint

5. Chapter 3: The Fundamentals of Microsoft Defender for Endpoint

6. Chapter 4: Onboarding Windows Clients and Servers

7. Chapter 5: Getting Started with Microsoft Defender Antivirus for Windows

8. Chapter 6: Advanced Microsoft Defender Antivirus for Windows

9. Chapter 7: Managing Attack Surface Reduction for Windows

10. Chapter 8: Managing Additional Capabilities for Windows

11. Chapter 9: Onboarding and Managing macOS

12. Chapter 10: Onboarding and Managing Linux Servers

13. Chapter 11: Onboarding and Managing iOS and Android

14. Part 3: Microsoft Defender for Identity

15. Chapter 12: Deploying Microsoft Defender for Identity

16. Chapter 13: Managing Defender for Identity

17. Part 4: Microsoft Defender for Office 365

18. Chapter 14: Deploying Exchange Online Protection

19. Chapter 15: Deploying Defender for Office 365

20. Part 5: Microsoft Defender for Cloud Apps

21. Chapter 16: Implementing and Managing Microsoft Defender for Cloud Apps

22. Part 6: Proactive Security and Incident Response

23. Chapter 17: Maintaining Security Hygiene and Threat Awareness

24. Chapter 18: Extended Detection and Response with Microsoft 365 Defender

25. Chapter 19: Advanced Hunting with KQL

26. Chapter 20: Microsoft Sentinel Integration

27. Chapter 21: Understanding Microsoft 365 Defender APIs

28. Part 7: Glossary and Answers

29. Chapter 22: Glossary

30. Chapter 23: Answers

31. Index

Why subscribe?

32. Other Books You May Enjoy

Connecting Microsoft 365 Defender to Sentinel

To establish the connection between Microsoft 365 Defender and Sentinel, you need to complete some actions in Sentinel, which you can do in the Azure portal. You should be a Global or Security Administrator to complete these processes.

There are three types of integrations you can configure:

Incidents and alerts
Advanced hunting events
User and Entity Behavior Analytics (UEBA), based on MDI

Of these, incidents and alerts do not have an additional cost. These are the SecurityIncident and SecurityAlert data types, respectively. Advanced hunting and UEBA have a cost based on the amount of data and analysis, the details of which you should review independently, including using the pricing information provided in the Further reading section in this chapter.

We’ll begin the discussion on how to connect Microsoft 365 Defender to Sentinel with incidents and alerts.