Greetings and thank you for all your great content. I've really been looking forward to the unification of Defender Portal and Sentinel but once connected I felt there is alot missing still. Playbooks for example. We use those extensively to enrich our entities in Sentinel Incidents but I have yet to find a way to do that in the Defender Portal
Hi! The workspace is still usable from within the Azure Portal. The unified security operations platform only supports a single workspace today. In case you also need to manage Defender for Endpoint in a multi tenant scenario; I would suggest to have a look at M365 Lighthouse
Greetings and thank you for all your great content. I've really been looking forward to the unification of Defender Portal and Sentinel but once connected I felt there is alot missing still. Playbooks for example. We use those extensively to enrich our entities in Sentinel Incidents but I have yet to find a way to do that in the Defender Portal
What do you think of it today? I know some things will still live in the Azure Portal; but have you got used to the new portal?
Thanks for video. Logs in advanced threat hunting option in defender are limited to 30 days? Or microsoft extended as new tables from sentinel appear?
How does this work when you use Lightouse to "see" multiple tenants?
Hi! The workspace is still usable from within the Azure Portal. The unified security operations platform only supports a single workspace today.
In case you also need to manage Defender for Endpoint in a multi tenant scenario; I would suggest to have a look at M365 Lighthouse
first