Skip to main content
Status Page Contact Us
AARNet Home

Stream events from Microsoft 365 Defender to Event Hubs

  • Updated

Prerequisites

To follow these instructions, you’ll need:

  • Azure subscription.
  • A Microsoft Entra ID tenant.
  • A user account that is a Global Administrator or Security Administrator for the Microsoft Entra ID tenant.

Configure Microsoft 365 Defender

To stream events from Microsoft 365 Defender to Event Hubs, you need to:

  1. Create a resource group in Azure Portal.
  2. Create a Microsoft Entra App Registration.
  3. Create an Event Hubs namespace within the new resource group.
  4. Create an event hub in the new namespace.
  5. Configure roles to export data to the new event hub.
  6. Configure Microsoft 365 Defender.
  7. Retrieve the connection string for your new event hub.
  8. Send the connection string and consumer group name to SOC.

Related articles