Microsoft Sentinel to Defender Portal Migration Readiness Tool

What Changed

New version of the Sentinel Defender Adoption Helper tool that analyzes Microsoft Sentinel environments for readiness to onboard into the Microsoft Defender portal. The tool consists of a PowerShell analysis script and an interactive HTML dashboard.

Tool Capabilities

Analysis Areas

Defender XDR Table Retention: Compares 30-day vs 730-day retention to identify tables that don’t require separate Sentinel ingestion
Analytics Rules Assessment: Evaluates Fusion engine status, alert visibility, incident reopening, custom grouping, and Microsoft incident creation rules
Automation Rules Review: Checks incident provider vs alert product naming, Fusion dependencies, and alert trigger configurations
Data Lake Region Support: Validates workspace region compatibility with Data Lake features

Dashboard Features

Multi-workspace overview with readiness scores and per-workspace breakdowns
Grouped rule checks with individual sub-assessments for analytics and automation rules
Export capabilities (PDF generation) and direct Azure portal blade links
Knowledge base with Microsoft documentation references and multi-tenant guidance

Migration Planning Value

This tool addresses the critical assessment phase before moving Sentinel to the Defender portal. Key planning insights:

Fusion Rule Impact: Identifies workspaces where Fusion rules will be automatically disabled post-migration
Incident Configuration Gaps: Flags analytics rules that don’t generate incidents (creating alert-only noise)
Automation Rule Dependencies: Highlights automation rules dependent on Fusion that will break after migration
Data Retention Optimization: Recommends which Defender XDR tables can rely on native 30-day retention vs requiring extended Sentinel storage

The assessment categorizes findings as OK (no action), WARNING (requires attention), or INFORMATIONAL (no migration blocker) to prioritize remediation efforts.

Affected Files

Tools/Sentinel-Defender-Helper-Script/New Version/DefenderAdoptionHelper.ps1
Tools/Sentinel-Defender-Helper-Script/New Version/README.md
Tools/Sentinel-Defender-Helper-Script/New Version/dashboard.html
Tools/Sentinel-Defender-Helper-Script/New Version/results.csv
Tools/Sentinel-Defender-Helper-Script/New Version/sentinelEnvironments.json

What Changed#

Tool Capabilities#

Analysis Areas#

Dashboard Features#

Migration Planning Value#

Affected Files#