Introduction
You connect Microsoft 365 and Azure services to the Microsoft Sentinel workspace using the provided data connectors. The data connectors are included in out-of-the-box (OOTB), or built-in Content Hub solutions.
You're a Security Operations Analyst working at a company that implemented Microsoft Sentinel. You'll connect Microsoft 365 and Azure services to Microsoft Sentinel.
Based on your previously documented connector plan, you use the Content Hub to install the solutions that include the specific connectors. As you activate the connectors, you notice the option to have incidents created from the Microsoft Entra ID Protection service. You don’t follow the recommended option to create incidents as you plan to activate the incident creation rule with custom options later in your implementation process.
After completing this module, you'll be able to:
- Connect Microsoft service connectors
- Explain how connectors autocreate incidents in Microsoft Sentinel
Prerequisites
Basic experience with Microsoft Azure operations.