Sentinel Transition To Defender Helper Script
Sentinel customers, this one is for you.
Microsoft Sentinel is now available in the Microsoft Defender portal, bringing SIEM and XDR together in one place for investigations, detections and response. From July 2026, Sentinel will only be supported in the Defender portal, so if you are still operating purely from the Azure portal, now is the right time to plan your move.
One area I see many teams overlook is the operational detail of that transition:
🔹 Defender XDR data usage and retention
🔹 Analytics rules behaviour and visibility
🔹 Automation rules and incident correlation changes
To make this easier, the Sentinel Transition To Defender Helper PowerShell script has been created to validate your current setup and highlight what needs attention.
What it does:
✅ Reviews how Defender XDR data is used with Sentinel so you can make informed choices about queries and retention
✅ Checks Analytics Rules, including Fusion status and alert only rules that might not surface as expected in Defender
✅ Assesses Automation Rules so triggers continue to work correctly when incident naming and correlation change in the Defender portal
✅ Uses Microsoft Security Insights APIs with an app that has Sentinel Reader access to safely analyse your environment
👉 Get the script here: https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Sentinel-Defender-Helper-Script
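To show what the analytics rule and automation rule checks look at, here is an added example that is not the helper script's code. It runs offline over constructed JSON; the field names are assumed to follow the Microsoft.SecurityInsights alertRules and automationRules list responses, and `Get-TransitionFinding` is a hypothetical function name.

```powershell
# Constructed sample data, shaped like the alertRules and automationRules
# list responses of the Microsoft.SecurityInsights API (assumption).
$alertRulesJson = @'
{ "value": [
  { "kind": "Fusion", "properties": { "displayName": "Advanced Multistage Attack Detection", "enabled": true } },
  { "kind": "Scheduled", "properties": { "displayName": "Constructed: rare sign-in location", "enabled": true,
      "incidentConfiguration": { "createIncident": false } } },
  { "kind": "Scheduled", "properties": { "displayName": "Constructed: mass file deletion", "enabled": true,
      "incidentConfiguration": { "createIncident": true } } }
] }
'@
$automationRulesJson = @'
{ "value": [
  { "properties": { "displayName": "Constructed: close test incidents",
      "triggeringLogic": { "isEnabled": true, "triggersOn": "Incidents", "triggersWhen": "Created",
        "conditions": [ { "conditionType": "Property", "conditionProperties": {
          "propertyName": "IncidentTitle", "operator": "Contains", "propertyValues": [ "TEST" ] } } ] } } }
] }
'@

# Hypothetical helper: returns one finding per item that needs review before the move.
function Get-TransitionFinding {
    param([string]$AlertRulesJson, [string]$AutomationRulesJson)
    foreach ($rule in (ConvertFrom-Json $AlertRulesJson).value) {
        $cfg = $rule.properties.incidentConfiguration
        if ($rule.kind -eq 'Fusion') {
            # Report the Fusion rule's current state so it can be reviewed.
            [pscustomobject]@{ Check = 'Fusion status'; Item = $rule.properties.displayName; Detail = "enabled=$($rule.properties.enabled)" }
        }
        elseif ($rule.properties.enabled -and $cfg -and -not $cfg.createIncident) {
            # Enabled rule that raises alerts but never creates an incident.
            [pscustomobject]@{ Check = 'Alert-only rule'; Item = $rule.properties.displayName; Detail = 'createIncident=false' }
        }
    }
    foreach ($rule in (ConvertFrom-Json $AutomationRulesJson).value) {
        # Conditions keyed on the incident title depend on how incidents are named.
        $hits = @($rule.properties.triggeringLogic.conditions | Where-Object {
            $_.conditionType -eq 'Property' -and $_.conditionProperties.propertyName -eq 'IncidentTitle' })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Check = 'Title-based automation trigger'; Item = $rule.properties.displayName; Detail = "$($hits.Count) IncidentTitle condition(s)" }
        }
    }
}

Get-TransitionFinding -AlertRulesJson $alertRulesJson -AutomationRulesJson $automationRulesJson | Format-Table -AutoSize
```

With the constructed data this lists the Fusion rule's state, the one alert-only scheduled rule, and the automation rule whose trigger depends on the incident title.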
Kudos to: Mario Cuomo
LinkedIn: José Lázaro
#Microsoft #MicrosoftSecurity #SIEM #XDR #MicrosoftSentinel #Cybersecurity #MSPartnerUK


