Microsoft Entra ID Protection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | AzureActiveDirectoryIdentityProtection |
| Publisher | Microsoft |
| Used in Solutions | Microsoft Entra ID Protection |
| Collection Method | Native |
| Connector Definition Files | template_AzureActiveDirectoryIdentityProtection.JSON |
Microsoft Entra ID Protection provides a consolidated view at risk users, risk events and vulnerabilities, with the ability to remediate risk immediately, and set policies to auto-remediate future events. The service is built on Microsoft’s experience protecting consumer identities and gains tremendous accuracy from the signal from over 13 billion logins a day. Integrate Microsoft Microsoft Entra ID Protection alerts with Microsoft Sentinel to view dashboards, create custom alerts, and improve investigation. For more information, see the Microsoft Sentinel documentation .
Get Microsoft Entra ID Premium P1/P2
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SecurityAlert |
✓ | ✗ | ? |
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions.
Licenses: - Azure AD Premium P1/P2
Tenant Permissions: Requires GlobalAdmin, SecurityAdmin on the workspace's tenant
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Microsoft Entra ID Protection alerts to Microsoft Sentinel
Connect Microsoft Entra ID Protection to Microsoft Sentinel.
The alerts are sent to this Microsoft Sentinel workspace. - Connect Microsoft Entra ID Protection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊