articles/sentinel/move-to-defender.md
22 lines changed: 0 additions & 22 deletions
@@ -28,11 +28,6 @@ Before you start, note:
28
28
29
29
**Audience**: Security architects
30
30
31
-
**Video demos**:
32
-
33
-
-[Onboard a workspace enabled for Microsoft Sentinel to the Defender portal](https://aka.ms/onboardSentinel_in_Defender)
34
-
-[Managing unified RBAC in Microsoft Defender](https://aka.ms/defender_RBAC)
35
-
36
31
### Review planning guidance, complete prerequisites, and onboard
37
32
38
33
Review all planning guidance and finish all prerequisites before you start onboarding your workspace to the Defender portal. For more information, see the following articles:
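Review bot: The deletions at old lines 31-35 drop the onboarding and unified RBAC demo links from the Security architects section with nothing added in their place. Confirm that the articles listed under "Review planning guidance, complete prerequisites, and onboard" cover unified RBAC in the Defender portal; if they do not, add a documentation link there so the permissions topic is still reachable from this section.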
@@ -79,12 +74,6 @@ For more information, see:
79
74
80
75
**Audience**: Security engineers
81
76
82
-
**Video demos**:
83
-
84
-
-[Discover and manage Microsoft Sentinel content and threat intelligence in Microsoft Defender](https://aka.ms/discover_defender)
85
-
-[Alert correlation in Microsoft Defender](https://aka.ms/defender_alertcorrelation)
86
-
-[Create Microsoft Sentinel automations and workbooks in Microsoft Defender](https://aka.ms/defender_automations)
87
-
88
77
### Confirm and configure data collection
89
78
90
79
When Microsoft Sentinel is integrated with Microsoft Defender, the fundamental architecture of data collection and telemetry flow remains intact. Existing connectors that were configured in Microsoft Sentinel, whether for Microsoft Defender products or other data sources, continue operating without interruption.
@@ -168,12 +157,6 @@ The following table lists fields that are important in the response snippets, an
168
157
169
158
**Audience**: Security analysts
170
159
171
-
**Video demos**:
172
-
173
-
-[SOC optimizations in Microsoft Defender](https://aka.ms/defender_soc_optimization)
174
-
-[Advanced hunting in Microsoft Defender](https://aka.ms/defender_hunting)
175
-
-[Alert correlation in Microsoft Defender](https://aka.ms/defender_alertcorrelation)
176
-
177
160
### Update incident triage processes for the Defender portal
178
161
179
162
If you've used Microsoft Sentinel in the Azure portal, you'll notice significant user experience enhancements in the Defender portal. While you may need to update SOC processes and retrain your analysts, the design consolidates all relevant information in a single place to provide more streamlined and efficient workflows.
@@ -210,7 +193,6 @@ After onboarding Microsoft Sentinel to the Defender portal, the following change
210
193
211
194
For more information, see [Incidents and alerts in the Microsoft Defender portal](/defender-xdr/incidents-overview) and [Alert correlation and incident merging in the Microsoft Defender portal](/defender-xdr/alerts-incidents-correlation).
212
195
213
-
214
196
### Note changes for investigations with Advanced hunting
215
197
216
198
After onboarding Microsoft Sentinel to the Defender portal, access and use all your existing Kusto Query Language (KQL) queries and functions in the **Advanced hunting** page.
@@ -222,7 +204,6 @@ Some differences exist, such as:
222
204
223
205
For more information, see [Advanced hunting with Microsoft Sentinel data in Microsoft Defender](/defender-xdr/advanced-hunting-microsoft-defender), especially the list of [known issues](/defender-xdr/advanced-hunting-microsoft-defender), and [Keep track of data during hunting with Microsoft Sentinel](/azure/sentinel/bookmarks).
224
206
225
-
226
207
### Investigate with entities in the Defender portal
227
208
228
209
In the Microsoft Defender portal, entities are generally either *assets*, such as accounts, hosts, or mailboxes, or *evidence*, such as IP addresses, files, or URLs.
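Review bot: In the context line at old 223 / new 205, the "known issues" link points to `/defender-xdr/advanced-hunting-microsoft-defender`, the same target as the "Advanced hunting with Microsoft Sentinel data in Microsoft Defender" link just before it, so "especially the list of known issues" lands readers at the top of the same article. Since this hunk already touches the spacing after that paragraph, consider adding the section anchor for the known-issues heading to that link.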
@@ -233,8 +214,6 @@ The Defender portal also provides a global search bar that centralizes results f
233
214
234
215
For more information, see [Entity pages in Microsoft Sentinel](/azure/sentinel/entity-pages?tabs=defender-portal).
235
216
236
-
237
-
238
217
### Investigate with UEBA in the Defender portal
239
218
240
219
Most functionalities of User and Entity Behavior Analytics (UEBA) remain the same in the Defender portal as they were in the Azure portal, with the following exceptions:
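Review bot: The two blank lines deleted at old lines 236-237 are a whitespace-only cleanup, unrelated to the "Video demos" removals in the earlier hunks; the same applies to the single blank lines removed at old 213 and 225. That is fine to keep, but mention it in the commit description or split it into its own change so the diff's intent stays clear.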
@@ -275,7 +254,6 @@ For more information, see [Visualize and monitor your data by using workbooks in
275
254
276
255
## Related content
277
256
278
-
- Find related demo videos at [https://aka.ms/Sentinel_in_Defender_demos](https://aka.ms/Sentinel_in_Defender_demos)
279
257
- Watch the webinar: [Transition to the Unified SOC Platform: Deep Dive and Interactive Q&A for SOC Professionals](https://www.youtube.com/watch?v=WIM6fbJDkK4).
280
258
- See frequently asked questions in the [TechCommunity blog](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/unified-security-operations-platform---technical-faq/4189136) or the [Microsoft Community Hub](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/frequently-asked-questions-about-the-unified-security-operations-platform/4212048).
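Review bot: The deletion at old line 278 removes the demo-video hub link, but the next bullet (old 279 / new 257) still points to a YouTube webinar. If the goal of this change is to take video links out of the article, as the removal of every "Video demos" block suggests, decide whether the webinar link stays on purpose, and say so in the commit description so the remaining video reference does not look like an oversight.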