Connect Microsoft Sentinel to Azure, Windows, Microsoft, and Amazon services

Microsoft Sentinel uses the Azure foundation to provide built-in, service-to-service support for data ingestion from many Azure and Microsoft 365 services, Amazon Web Services, and various Windows Server services. There are a few different methods through which these connections are made.

Note

For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.

Types of connections

Data connectors for Microsoft Sentinel are grouped into the following types of connectors:

• API-based connections
• Diagnostic settings connections, some of which are managed by Azure Policy
• Windows agent-based connections

See the data connector reference to find available data connectors and their related information page. You'll find information that's unique to each connector like Log Analytics tables for data storage and a link to the installation instructions.

The following articles present information that is common to each group of connectors for Microsoft services.

• API-based data connections
• Diagnostic settings-based data connections
• Windows agent-based connections

The following integrations are both more unique and popular, and are treated individually, with their own articles:

• Amazon Web Services (AWS) CloudTrail
• Microsoft Entra ID
• Azure Virtual Desktop
• Microsoft Defender XDR
• Microsoft Defender for Cloud
• Microsoft Purview Information Protection
• Windows DNS
• Windows Security Events

Next steps

• Learn about Microsoft Sentinel data connectors in general.
• Find your Microsoft Sentinel data connector.
• Learn how to get visibility into your data and potential threats.
• Get started detecting threats with Microsoft Sentinel.