This article details the requirements to integrate your Microsoft security product with Red Canary.

Red Canary alert ingestion requirements

Supported alert sources

• Azure Active Directory Identity Protection v2
• Microsoft 365 Defender v2
• Microsoft Defender for Cloud Apps v2
• Microsoft Defender for Endpoint v2
• Microsoft Defender for Identity v2
• Microsoft Defender for Office 365 v2

Required Microsoft licenses

To send alerts from Microsoft 365 Defender to Red Canary, one of the following licenses is required. For more information, see Licensing requirements.

• Microsoft 365 E5 or A5
• Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
• Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
• Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
• Windows 10 Enterprise E5 or A5
• Windows 11 Enterprise E5 or A5
• Enterprise Mobility + Security (EMS) E5 or A5
• Office 365 E5 or A5
• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft Defender for Cloud Apps
• Defender for Office 365 (Plan 2)

Red Canary Microsoft Sentinel integration requirements

Required Microsoft licenses

For more information, see Pre-deployment activities and prerequisites for deploying Microsoft Sentinel.