The integration is not that difficult. The configuration is simple, but the data connector documentation is lacking in useful information. If Microsoft improves the documentation, we will be able to see how to complete the integration from start to finish. In the past, we have encountered problems during the integration process because the documentation was incomplete. For example, we recently deployed Microsoft Defender for Identity with the help of our Active Directory team. Initially, they told us that only a few ports were required, but later they said that more ports were needed. Our environment did not allow these additional ports, and we were not aware of this requirement. This delayed the project and caused frustration for our team members. The customer also expected the project to be completed sooner, but unexpected firewall rules and undocumented configuration requirements prevented us from doing so. We had to open a case with Microsoft for assistance, and we were eventually able to resolve the issue. The playbook is a bit difficult and could be improved. For those who do not have a deep understanding of playbooks or programming languages, it would be better to have extensive documentation and information available online. When I started working with Sentinel, there were times when we had to refer to the documentation to get information about the configuration or implementation steps. If we encountered errors in the implementation, we had to rely on the internet to figure out how to fix them. The information available online is not that comprehensive and does not cover specific maintenance tasks. If the documentation were improved a bit, and the playbook and automation were made easier to use, it would be a great benefit for technical users. The AI and Machine Learning can be improved.
