The native Sentinel connector for Microsoft Defender XDR only supports integration within a single tenant. How do you collect incidents from multiple tenants into Sentinel? Read on to learn about one approach.
Updated the post a few hours after publication, with the link to a repo containing some examples:
https://github.com/mikoiv/MicrosoftSentinel-MultitenantXDRIncidents/tree/main