Synchronize MCAS with Azure sentinel (alert management)

Trevax 21 Reputation points
2021-10-07T11:48:13.277+00:00

Hello everyone!

I have a bidirectional problem with MCAS.

Let me explain: when closing an incident (via the MCAS connector) on Azure Sentinel, it is not closed on MCAS. I am looking for a way to synchronize MCAS with Azure Sentinel.
I started to do some research to find a solution and here are my leads.

Manual solution
Setting up a playbook which triggers each time an incident (from the MCAS connector) is closed.
Then close the incident via the MCAS API token.

Native solution
Disable each connector (MDI, MDO, MDE, MCAS) and enable the Microsoft 365 Defender (Preview) connector to centralize everything.
Microsoft 365 Defender is two-way. If incidents from MCAS are passed through Defender, will the Azure Sentinel alert be synced to MCAS?
However, (according to my research) the M365 Defender connector seems to only include MDE (at the moment). MDI, MDO and MCAS are "soon available".
→ Waiting for a native solution from Microsoft?

Have you ever encountered this problem? What solution do you recommend?

Thanks a lot!
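The manual route described in the question, as an added example that is not code from the original post or from Microsoft: a Python helper a Sentinel playbook could call once an incident is closed, mapping the Sentinel classification to the matching MCAS close action. It assumes the Defender for Cloud Apps (MCAS) legacy REST API shape (the `close_true_positive`, `close_benign` and `close_false_positive` alert endpoints with `Authorization: Token` auth) and a constructed, flattened incident dict; check both against the current API reference before wiring it into a playbook.

```python
import json
import urllib.request

# Sentinel incident classification -> MCAS close endpoint (assumed endpoint names).
CLASSIFICATION_TO_ENDPOINT = {
    "TruePositive": "close_true_positive",
    "BenignPositive": "close_benign",
    "FalsePositive": "close_false_positive",
}


def build_close_request(portal_url, classification, alert_ids, comment=""):
    """Return (url, body) for the MCAS close call; reject classifications with no MCAS equivalent."""
    endpoint = CLASSIFICATION_TO_ENDPOINT.get(classification)
    if endpoint is None:  # e.g. "Undetermined": leave the MCAS alert open rather than guess
        raise ValueError(f"no MCAS close action for Sentinel classification {classification!r}")
    if not alert_ids:
        raise ValueError("incident carries no MCAS alert ids")
    url = f"{portal_url.rstrip('/')}/api/v1/alerts/{endpoint}/"
    body = {"filters": {"id": {"eq": list(alert_ids)}}, "comment": comment}
    return url, body


def mcas_alert_ids(incident):
    """Collect provider alert ids from the incident's MCAS-sourced alerts (constructed incident shape)."""
    return [a["providerAlertId"] for a in incident.get("alerts", [])
            if a.get("providerName") == "MCAS" and a.get("providerAlertId")]


def close_mcas_alerts(portal_url, token, incident, send=None):
    """Close every MCAS alert behind a closed Sentinel incident; return the (url, body) that was sent.
    `send(url, body)` lets a caller or test replace the HTTP call; the default posts with urllib."""
    if incident.get("status") != "Closed":
        raise ValueError("incident is not closed; nothing to sync")
    url, body = build_close_request(portal_url, incident.get("classification"),
                                    mcas_alert_ids(incident), incident.get("classificationComment", ""))
    if send is None:
        def send(u, b):  # real HTTP call against the assumed MCAS API; swapped out in tests
            req = urllib.request.Request(u, data=json.dumps(b).encode(), method="POST",
                                         headers={"Authorization": f"Token {token}",
                                                  "Content-Type": "application/json"})
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status
    send(url, body)
    return url, body
```

Incidents closed as "Undetermined" raise instead of closing anything in MCAS, so the playbook can surface them for a human rather than silently picking a disposition.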


Accepted answer
VipulSparsh-MSFT 16,251 Reputation points Microsoft Employee
2021-10-11T07:05:26.88+00:00

@MAHEEdouard-0441 The M365 Defender connector is coming soon; I cannot confirm the ETA here, but you can get that from a Support case if you have the NDA.
You can keep using the manual solution for now, but the native one is also not far away and should be available in the coming months.

