Connect the Microsoft Entra ID Protection connector
Microsoft Entra ID Protection provides a consolidated view of at-risk users, risk events, and vulnerabilities, with the ability to remediate risk immediately and set policies to autoremediate future events.
Install the solution
Start by installing the solution that contains the data connector.
- For Microsoft Sentinel in the Azure portal, under Content management, select Content hub.
For Microsoft Sentinel in the Defender portal, select Microsoft Sentinel > Content management > Content hub. - Search for and select Microsoft Entra ID Protection.
- On the right-hand side pane, select Install.
Configure the data connector
After the solution is installed, connect the data connector.
In the Microsoft Sentinel left navigation menu expand Configuration, and select Data connectors.
Select Microsoft Entra ID Protection.
Then select the Open connector page on the preview pane.
Select Connect to start streaming the Microsoft Entra ID Protection alerts.
Select whether alerts from Microsoft Entra ID Protection automatically generate incidents by selecting Enable.
If you enable creating incidents, the default analytics rule "Create incidents based on Microsoft Entra ID Protection alerts" is enabled with default values. You can edit this analytical rule on the Analytics page.