Managed Azure Sentinel

How to Connect Microsoft Defender Advanced Threat Protection to Azure Sentinel?

Connect Microsoft Defender ATP to Azure Sentinel.

If Microsoft Defender Advanced Threat Protection is deployed and ingesting your data, the alerts can easily be streamed into Azure Sentinel.

  1. In Azure Sentinel, select Data connectors, click the Microsoft Defender Advanced Threat Protection tile and select Open connector page.
  2. Click Connect.
  3. To use the relevant schema in Log Analytics for the Defender ATP alerts, search the SecurityAlert table; the provider name for these alerts is MDATP.
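
To check that the connector is actually delivering alerts after step 3, a query along these lines can be run in the Log Analytics query window. This is an added example, not part of the original page; the 7-day lookback is an assumed value, and the columns used are standard SecurityAlert columns.

```kusto
// Added example: verify that Defender ATP alerts are reaching Azure Sentinel.
// Assumption: a 7-day lookback; widen it if the tenant raises few alerts.
SecurityAlert
| where TimeGenerated > ago(7d)
| where ProviderName == "MDATP"
// One row per severity: volume, affected hosts, and how fresh the data is.
| summarize
    Alerts    = count(),
    Hosts     = dcount(CompromisedEntity),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by AlertSeverity
// A large gap since the last alert can indicate a stalled connector.
| extend HoursSinceLast = datetime_diff('hour', now(), LastSeen)
| order by Alerts desc
```

An empty result means no MDATP alerts were ingested in the window, so confirm on the connector page that the status shows Connected before assuming there were no detections.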