You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: unified-secops-platform/microsoft-sentinel-onboard.md
+15-10Lines changed: 15 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -92,24 +92,29 @@ If applicable, complete these prerequisites:
92
92
93
93
## Onboard Microsoft Sentinel
94
94
95
-
To connect a Microsoft Sentinel workspace to the Defender portal, complete the following steps. If you're onboarding Microsoft Sentinel without Defender XDR, there's an extra step to trigger the connection with Microsoft Sentinel and Defender portal.
95
+
This procedure describes how to onboard a Microsoft Sentinel-enabled workspace to the Defender portal.
96
96
97
97
1. Go to the [Microsoft Defender portal](https://security.microsoft.com/) and sign in.
98
-
1. To onboard Microsoft Sentinel without Defender XDR in the Defender portal:
99
-
1. To trigger the connection with Microsoft Sentinel, select **Investigation & response** > **Incidents**.
100
-
1. Wait a few minutes for the connection to complete.
101
-
1. In the Defender portal, select **Overview**.
102
-
1. Select **Connect a workspace**.
103
-
1. Choose the workspaces you want to connect and select **Next**.
98
+
99
+
1. If you're a Microsoft Sentinel-only customer without licenses for Defender services, and are onboarding your first workspace to Defender, start by triggering the connection to Microsoft Sentinel.
100
+
101
+
In the Defender portal, select **Investigation & response** > **Incidents**, and then wait a few minutes for the connection to complete. This step isn't needed for any subsequent workspaces you onboard to Defender.
102
+
103
+
1. Select **Home** > **Connect a workspace**.
104
+
105
+
1. Select the workspaces you want to connect and select **Next**.
106
+
104
107
1. Select the **Primary workspace**.
108
+
105
109
1. Read and understand the product changes associated with connecting your workspace.
110
+
106
111
1. Select **Connect**.
107
112
108
-
After your workspace is connected, the banner on the **Overview** page shows that your environment is ready. The **Overview** page is updated with new sections that include metrics from Microsoft Sentinel like the number of data connectors and automation rules.
113
+
After your workspace is connected, the banner on the **Home** page shows that your environment is ready. The **Home** page is updated with new sections that include metrics from Microsoft Sentinel, like the number of data connectors and automation rules.
109
114
110
115
## Explore Microsoft Sentinel features in the Defender portal
111
116
112
-
After you connect your workspace to the Defender portal, **Microsoft Sentinel** is on the left-hand side navigation pane. If you have Defender XDR enabled, pages like **Overview**, **Incidents**, and **Advanced Hunting** have unified data from the primary workspace for Microsoft Sentinel and Defender XDR. If you don't have Defender XDR enabled, these pages just include data from Microsoft Sentinel. For more information about the unified capabilities and differences between portals, see [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
117
+
After you connect your workspace to the Defender portal, **Microsoft Sentinel** is on the left-hand side navigation pane. If you have Defender XDR enabled, pages like **Home**, **Incidents**, and **Advanced Hunting** have unified data from the primary workspace for Microsoft Sentinel and Defender XDR. If you don't have Defender XDR enabled, these pages just include data from Microsoft Sentinel. For more information about the unified capabilities and differences between portals, see [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
113
118
114
119
Many of the existing Microsoft Sentinel features are integrated into the Defender portal. For these features, notice that the experience between Microsoft Sentinel in the Azure portal and Defender portal are similar. Use the following articles to help you start working with Microsoft Sentinel in the Defender portal. When using these articles, keep in mind that your starting point in this context is the [Defender portal](https://security.microsoft.com/) instead of the Azure portal.
115
120
@@ -162,7 +167,7 @@ If you decide to offboard a workspace from the Defender portal, disconnect the w
162
167
1. Provide a reason why you're disconnecting the workspace.
163
168
1. Confirm your selection.
164
169
165
-
When your workspace is disconnected, the **Microsoft Sentinel** section is removed from the left-hand side navigation of the Defender portal. Data from Microsoft Sentinel is no longer included on the Overview page.
170
+
When your workspace is disconnected, the **Microsoft Sentinel** section is removed from the left-hand side navigation of the Defender portal. Data from Microsoft Sentinel is no longer included on the **Home** page.
166
171
167
172
If you want to connect to a different workspace, from the **Workspaces** page, select the workspace and **Connect a workspace**.
![m365-skilling-repo-management[bot]](https://avatars.githubusercontent.com/in/1161012?v=4&size=40){kind=avatar}
0 commit comments