Connect the Microsoft Entra ID Protection connector
Microsoft Entra ID Protection provides a consolidated view of at-risk users, risk events, and vulnerabilities, with the ability to remediate risk immediately and set policies to autoremediate future events.
To view the connector page, do the following steps:
Select Data connectors page.
Select Microsoft Entra ID Protection.
Then select the Open connector page on the preview pane.
Select Connect to start streaming the Microsoft Entra ID Protection alerts.
Select whether alerts from Microsoft Entra ID Protection automatically generate incidents by selecting Enable.
If you enable creating incidents, the default analytics rule "Create incidents based on Microsoft Entra ID Protection alerts" is enabled with default values. You can edit this analytical rule on the Analytics page.