Enhanced Cloud Protection: Microsoft’s Defender for Cloud Gets New Integration with Defender XDR

Key Takeaways:

  • Microsoft has announced the integration of Defender for Cloud with its Microsoft Defender XDR solution.
  • This capability provides organizations with improved tools to protect cloud-based applications and respond to threats across enterprise environments.
  • Microsoft Sentinel customers are advised to make specific configuration changes to prevent duplicate alerts and incidents.

Microsoft has announced the general availability of Defender for Cloud’s integration with Microsoft Defender XDR. This release offers administrators direct access to investigate and manage Defender for Cloud alerts and incidents within the Microsoft Defender portal.

Microsoft Defender for Cloud is a security solution that enables organizations to protect cloud-based applications from security threats and vulnerabilities. It offers various capabilities such as code security remediation, attack path analysis, and security posture monitoring.

Microsoft Defender XDR (formerly Microsoft 365 Defender), in turn, is a unified experience that allows administrators to detect, prevent, investigate, and respond to threats across enterprise environments. The service can automatically disrupt an attack in progress and remediate the affected user identities, endpoints, and mailboxes.

Microsoft announced the public preview of Defender for Cloud’s integration with Microsoft Defender XDR in November last year. This feature provides detailed insights to security teams regarding any suspicious or malicious events that occur within their cloud environments.

Additionally, the integration of Defender for Cloud incidents and alerts into Microsoft Defender XDR’s public API makes it easier to export security alert data to any system. These capabilities allow organizations to improve their overall operational efficiency significantly.

What is the impact on Microsoft Sentinel users?

Microsoft Sentinel customers are advised to make certain configuration changes to prevent the creation of duplicate alerts and incidents. “As a Microsoft Sentinel customer, you can benefit from this powerful integration in your own workspaces using the Defender XDR Incidents and Alerts connector, simplifying attack detection by streaming merged detections from various sources,” Microsoft explained.

Microsoft recommends that commercial customers install version 3.0 of the Defender for Cloud connector. IT administrators will also need to connect the Tenant-based Microsoft Defender for Cloud (Preview) connector so that incidents are synchronized across the entire collection of subscriptions.

Furthermore, Microsoft recommends disconnecting the legacy subscription-based Microsoft Defender for Cloud connector to prevent duplicate alerts. It is also recommended to turn off any analytics rules that create incidents from Defender for Cloud alerts, since the Defender XDR connector now delivers those incidents directly.
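To verify that the connector changes above actually stopped the duplication, a Sentinel administrator can look for the same Defender for Cloud alert landing in the workspace more than once in a short window. The following KQL query is an added example written for this article, not a query shipped by Microsoft or Sentinel; it assumes the standard SecurityAlert table schema and that Defender for Cloud alerts carry the ProductName value "Azure Security Center" (the value the schema still uses from the product's former name). The 7-day lookback and 10-minute grouping window are arbitrary choices for illustration.

```kusto
// Added example (not from the article): surface Defender for Cloud alerts that were
// ingested into a Microsoft Sentinel workspace more than once within a short window.
// Seeing Copies > 1 with more than one ProviderName is the symptom of running the
// legacy subscription-based connector alongside the tenant-based / Defender XDR connector.
let lookback = 7d;      // assumption: how far back to check
let window   = 10m;     // assumption: two copies inside this window count as duplicates
SecurityAlert
| where TimeGenerated > ago(lookback)
// Defender for Cloud alerts are tagged with the product's former name in this schema;
// adjust this filter if alerts in your workspace show a different ProductName.
| where ProductName == "Azure Security Center"
| extend WindowStart = bin(TimeGenerated, window)
| summarize Copies    = count(),
            Sources   = make_set(ProviderName),   // which connector(s) delivered the copies
            AlertIds  = make_set(SystemAlertId),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
    by AlertName, CompromisedEntity, WindowStart
| where Copies > 1
| order by Copies desc, FirstSeen asc
```

Run the query before and after disconnecting the legacy connector and disabling the old analytics rules: an empty result set after the change, where the pre-change run returned rows with two entries in Sources, confirms that only one ingestion path remains. If rows still appear with a single ProviderName, the duplication is coming from within that one path (for example an analytics rule that was not disabled) rather than from two connectors.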