Microsoft

Defender for Identity

Microsoft Graph security is a unified gateway that consolidates security insights from various Microsoft products and services including Defender for Identity.

Depending on your underlying Microsoft license (e.g. E5), Sophos will ingest data from the following security telemetry sources via the graph API:

• Microsoft Defender for Endpoint
• Microsoft Defender for Office 365
• Microsoft Defender for Cloud Apps
• Microsoft Defender for Identity
• Microsoft Entra ID Protection
• Microsoft 365 Defender
• Microsoft Purview Data Loss Prevention

Sophos MDR and Sophos XDR customers using Microsoft security solutions can strengthen their defenses against advanced threats. The integration sends Microsoft alerts to the Sophos Central platform, which are then filtered, cleaned, correlated, and in some cases, escalated for investigation by analysts.