Hey folks,
As Microsoft is deprecating the Microsoft Sentinel portal and transitioning to the Unified XDR platform by March 30th 2027, we want to proactively announce that some of the connectors will be considered deprecated on the same date.
Additionally, we reviewed the existing connectors and observed that multiple connectors solve the same use case. As part of this initiative, we want to consolidate and deprecate redundant connectors to offer better supportability.
The following connectors will be considered deprecated on March 30th 2027:
- Microsoft Azure Sentinel Incident Connector v2 (Microsoft Sentinel)
- Microsoft Sentinel Incident Tracking Connector (Microsoft Sentinel)
- Microsoft Defender ATP Connector V2 (Microsoft Defender for Endpoint)
- Microsoft Defender ATP Connector (Microsoft Defender for Endpoint)
- Microsoft Graph Security Connector (Microsoft Graph Security)
- Microsoft Graph Office 365 Security and Compliance Connector (Microsoft Graph Security)
What is the current impact?
The connectors mentioned above will not receive any new FR enhancements, and only critical bugs will be handled (e.g. data loss). After the deprecation date, these connectors will stop receiving any support.
What connector should be used?
Microsoft 365 Defender - Incidents Connector. This connector is designed for Microsoft Defender XDR and supports ingestion of alerts from all sources (including Microsoft Sentinel, Defender for Endpoint, Defender for Cloud, etc.). It was built on top of the latest Graph API and follows best practices. If there are any gaps that you feel this connector doesn’t cover, we will prioritise resolving them.
Note: switching the connector may require updates to the playbooks, because the underlying data structure will be different.
