How do I connect my Azure Defender instance to Red Canary?
Microsoft Defender for Endpoint
Azure Defender is part of Azure Security Center, which offers advanced threat protection for hybrid workloads running in Azure, on-premises, and in other clouds. Once enabled, Azure Defender will communicate with Microsoft Defender for Endpoint to send endpoint data including telemetry to Red Canary.
- To confirm this setting is enabled, browse to http://portal.azure.com and select Security Center. Select Pricing & Settings on the left side menu, then select Integrations.
- If not selected, check the box "Allow Microsoft Defender for Endpoint to access my data" and click Save.
See Enable the Microsoft Defender for Endpoint integration for additional information.