How to power Azure Defender with Sentinel

Detect and investigate potential threats

Valentina Alto
Published in Microsoft Azure
6 min read · Mar 14, 2021


Announced in September 2020 at Microsoft Ignite, Azure Defender was presented as the evolution of Azure Security Center (ASC). As such, it extends ASC with new features, powered by Microsoft Threat Intelligence, and it offers uniform security control and management even across heterogeneous organizations (with assets that might live on-prem, on Azure, and on other cloud platforms at the same time).

In this article, I’m going to introduce you to Azure Defender, showing how to activate it to cover your active subscriptions and services and, finally, how to connect it to the Azure-native SIEM-SOAR, Sentinel.

Azure Security Center vs Azure Defender

As mentioned above, Azure Defender can be seen as the upgrade of Azure Security Center (ASC), the dashboard in the Azure portal that offers an overview of all of your assets in Azure and non-Azure environments, along with a set of scores and recommendations to properly secure them. More specifically, ASC is the Cloud Security Posture Management (CSPM) tool, which is available at no additional cost.

On the other hand, Azure Defender addresses Cloud Workload Protection (CWP), adding a set of…
