Introduction

This module covers the integration of Microsoft Sentinel into the Microsoft Defender portal, which creates a unified security operations platform. The integration simplifies operations by reducing the number of tools your team has to manage, and it enhances hunting capabilities by allowing queries across different data sets from a single portal.

Imagine you're a security operations manager in a large multinational corporation. You're tasked with streamlining your team's operations and enhancing their hunting capabilities. Your team currently uses multiple tools for different tasks, which often leads to complexity and errors. You also want to enable automatic attack disruption for your SAP applications and provide unified entity pages for devices, users, IP addresses, and Azure resources. The solution lies in integrating Microsoft Sentinel into the Microsoft Defender portal.

The topics covered in this module include:

  • Understanding the Integration of Microsoft Sentinel and Defender XDR in the Defender Portal
  • Understanding Capability Differences between Azure and Defender Portals in Microsoft Sentinel
  • Onboarding Microsoft Sentinel to Microsoft Defender XDR: Prerequisites and Steps
  • Navigating Microsoft Sentinel Features in the Defender Portal

Learning objectives

By the end of this module, you'll be able to:

  • Understand the differences between Microsoft Sentinel capabilities in Azure and Defender portals.
  • Know the prerequisites for integrating Microsoft Defender XDR with Microsoft Sentinel.
  • Connect a Microsoft Sentinel workspace to Microsoft Defender XDR.

Prerequisites

  • Familiarity with security operations in an organization
  • Experience installing and configuring Microsoft Sentinel services
  • Experience with using and navigating the Microsoft Defender portal

Estimated time to complete this module: 30 minutes