{"id":11672,"date":"2025-05-20T09:01:46","date_gmt":"2025-05-20T00:01:46","guid":{"rendered":"https:\/\/m365jp.net\/?p=11672"},"modified":"2025-05-20T09:04:40","modified_gmt":"2025-05-20T00:04:40","slug":"mc1077861-microsoft-defender-for-cloud-apps-siem-agents-will-retire","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-05-20-mc1077861-microsoft-defender-for-cloud-apps-siem-agents-will-retire","title":{"rendered":"MC1077861 | Microsoft Defender for Cloud Apps: SIEM agents will retire"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1077861 | Microsoft Defender for Cloud Apps: SIEM agents will retire<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>05\/19\/2025 23:43:41<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>05\/19\/2025 23:43:22<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>01\/09\/2026 08:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2025-06-18T07:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>As part of our ongoing convergence process for all Microsoft Defender workloads, we will retire SIEM (Security Information and Event Management) agents from Microsoft Defender for Cloud Apps in starting mid-November 2025 and ending late November 2025. We   recommend you transition to APIs that support the management of activities and alerts data from multiple workloads.  <\/p>\n<p>[How this will affect your organization:]  <\/p>\n<p>Existing Microsoft Defender for Cloud Apps SIEM agents will function as is until the SIEM agents retire, but no new SIEM agents can be configured starting June 19, 2025. Microsoft Sentinel agents will remain supported and can still be added.<\/p>\n<p>Defender for Cloud Apps alerts and activities data currently supported in the SIEM agents are also available in the unified API and SIEM solutions that provide access to alerts and activity data for all Microsoft security products, for cross-workload visibility:<\/p>\n<ul>\n<li>For alerts and activities, Defender XDR streaming API: <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/streaming-api\" target=\"_blank\">  Stream Microsoft Defender XDR events &#8211; Microsoft Defender XDR | Microsoft Learn<\/a>  <\/li>\n<li>For Microsoft Entra ID Protection login events: <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/advanced-hunting-identitylogonevents-table\" target=\"_blank\">  IdentityLogonEvents table in the advanced hunting schema &#8211; Microsoft Defender XDR | Microsoft Learn<\/a>  <\/li>\n<li>For alerts, Microsoft Graph security alerts API (v2): <a href=\"https:\/\/learn.microsoft.com\/graph\/api\/security-list-alerts_v2?view=graph-rest-1.0&amp;tabs=http\" target=\"_blank\">  List alerts_v2 &#8211; Microsoft Graph v1.0 | Microsoft Learn<\/a>  <\/li>\n<li>We also recommend viewing Defender for Cloud Apps alerts data in the Microsoft Defender XDR incidents API. Learn more:  <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/api-incident\" target=\"_blank\">Microsoft Defender XDR incidents APIs and the incidents resource type &#8211; Microsoft Defender XDR | Microsoft Learn<\/a>  <\/li>\n<\/ul>\n<p>These APIs enhance security monitoring and management and offer additional supported capabilities that utilize data from multiple Microsoft Defender workloads.<\/p>\n<p>[What you need to do to prepare:]<\/p>\n<p>To ensure continuity and access to the same data available before this retirement through Microsoft Defender for Cloud Apps SIEM agents, we recommend transitioning to the supported unified API and SIEM solutions. We encourage you to begin planning your migration   to these solutions to take advantage of their enhanced capabilities. <\/p>\n<p>Learn more: <a href=\"https:\/\/learn.microsoft.com\/defender-cloud-apps\/siem\" target=\"_blank\">  Generic SIEM integration &#8211; Microsoft Defender for Cloud Apps | Microsoft Learn<\/a><\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<p>\u3059\u3079\u3066\u306e Microsoft Defender \u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u306b\u5bfe\u3059\u308b\u7d99\u7d9a\u7684\u306a\u30b3\u30f3\u30d0\u30fc\u30b8\u30a7\u30f3\u30b9 \u30d7\u30ed\u30bb\u30b9\u306e\u4e00\u74b0\u3068\u3057\u3066\u30012025 \u5e74 11 \u6708\u4e2d\u65ec\u304b\u3089 2025 \u5e74 11 \u6708\u4e0b\u65ec\u307e\u3067\u3001Microsoft Defender for Cloud Apps \u304b\u3089 SIEM (\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u60c5\u5831\u304a\u3088\u3073\u30a4\u30d9\u30f3\u30c8\u7ba1\u7406) \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u5ec3\u6b62\u3057\u307e\u3059\u3002\u8907\u6570\u306e\u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u304b\u3089\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u3068\u30a2\u30e9\u30fc\u30c8 \u30c7\u30fc\u30bf\u306e\u7ba1\u7406\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b API \u306b\u79fb\u884c\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/p>\n<p>[\u3053\u308c\u304c\u3042\u306a\u305f\u306e\u7d44\u7e54\u306b\u3069\u306e\u3088\u3046\u306b\u5f71\u97ff\u3057\u307e\u3059\u304b:]<\/p>\n<p>\u65e2\u5b58\u306e Microsoft Defender for Cloud Apps SIEM \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u306f\u3001SIEM \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u304c\u5ec3\u6b62\u3055\u308c\u308b\u307e\u3067\u305d\u306e\u307e\u307e\u6a5f\u80fd\u3057\u307e\u3059\u304c\u30012025 \u5e74 6 \u6708 19 \u65e5\u4ee5\u964d\u3001\u65b0\u3057\u3044 SIEM \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u69cb\u6210\u3059\u308b\u3053\u3068\u306f\u3067\u304d\u307e\u305b\u3093\u3002Microsoft Sentinel \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u306f\u5f15\u304d\u7d9a\u304d\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3001\u5f15\u304d\u7d9a\u304d\u8ffd\u52a0\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>SIEM \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3067\u73fe\u5728\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b Defender for Cloud Apps \u306e\u30a2\u30e9\u30fc\u30c8\u3068\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3 \u30c7\u30fc\u30bf\u306f\u3001\u3059\u3079\u3066\u306e Microsoft \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u88fd\u54c1\u306e\u30a2\u30e9\u30fc\u30c8\u3068\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3 \u30c7\u30fc\u30bf\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u63d0\u4f9b\u3059\u308b\u7d71\u5408 API \u3068 SIEM \u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u3082\u4f7f\u7528\u3067\u304d\u3001\u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u9593\u306e\u53ef\u8996\u6027\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u30a2\u30e9\u30fc\u30c8\u3068\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306b\u3064\u3044\u3066\u306f\u3001Defender XDR \u30b9\u30c8\u30ea\u30fc\u30df\u30f3\u30b0 API: <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/streaming-api\" target=\"_blank\">  Microsoft Defender XDR \u30a4\u30d9\u30f3\u30c8\u306e\u30b9\u30c8\u30ea\u30fc\u30df\u30f3\u30b0 &#8211; Microsoft Defender XDR |\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8 \u30e9\u30fc\u30f3<\/a>  <\/li>\n<li>Microsoft Entra ID Protection \u30ed\u30b0\u30a4\u30f3 \u30a4\u30d9\u30f3\u30c8\u306e\u5834\u5408: <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/advanced-hunting-identitylogonevents-table\" target=\"_blank\">  \u9ad8\u5ea6\u306a\u30cf\u30f3\u30c6\u30a3\u30f3\u30b0 \u30b9\u30ad\u30fc\u30de\u306e IdentityLogonEvents \u30c6\u30fc\u30d6\u30eb &#8211; Microsoft Defender XDR |\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8 \u30e9\u30fc\u30f3<\/a>  <\/li>\n<li>\u30a2\u30e9\u30fc\u30c8\u306e\u5834\u5408\u3001Microsoft Graph \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30e9\u30fc\u30c8 API (v2): <a href=\"https:\/\/learn.microsoft.com\/graph\/api\/security-list-alerts_v2?view=graph-rest-1.0&amp;tabs=http\" target=\"_blank\">  \u30ea\u30b9\u30c8 alerts_v2 &#8211; Microsoft Graph v1.0 |\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8 \u30e9\u30fc\u30f3<\/a>  <\/li>\n<li>\u307e\u305f\u3001Microsoft Defender XDR \u30a4\u30f3\u30b7\u30c7\u30f3\u30c8 API \u3067 Defender for Cloud Apps \u30a2\u30e9\u30fc\u30c8 \u30c7\u30fc\u30bf\u3092\u8868\u793a\u3059\u308b\u3053\u3068\u3082\u304a\u52e7\u3081\u3057\u307e\u3059\u3002\u8a73\u7d30\u60c5\u5831:  <a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/api-incident\" target=\"_blank\">Microsoft Defender XDR \u30a4\u30f3\u30b7\u30c7\u30f3\u30c8 API \u3068\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8 \u30ea\u30bd\u30fc\u30b9\u306e\u7a2e\u985e &#8211; Microsoft Defender XDR |\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8 \u30e9\u30fc\u30f3<\/a>  <\/li>\n<\/ul>\n<p>\u3053\u308c\u3089\u306e API \u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u76e3\u8996\u3068\u7ba1\u7406\u3092\u5f37\u5316\u3057\u3001\u8907\u6570\u306e Microsoft Defender \u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u304b\u3089\u306e\u30c7\u30fc\u30bf\u3092\u5229\u7528\u3059\u308b\u8ffd\u52a0\u306e\u30b5\u30dd\u30fc\u30c8\u6a5f\u80fd\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002<\/p>\n<p>\u3010\u6e96\u5099\u306b\u5fc5\u8981\u306a\u3053\u3068\u3011<\/p>\n<p>\u3053\u306e\u5ec3\u6b62\u524d\u306b Microsoft Defender for Cloud Apps SIEM \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u901a\u3058\u3066\u5229\u7528\u53ef\u80fd\u306a\u540c\u3058\u30c7\u30fc\u30bf\u3078\u306e\u7d99\u7d9a\u6027\u3068\u30a2\u30af\u30bb\u30b9\u3092\u78ba\u4fdd\u3059\u308b\u305f\u3081\u306b\u3001\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b\u7d71\u5408 API \u3068 SIEM \u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u79fb\u884c\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u3078\u306e\u79fb\u884c\u3092\u8a08\u753b\u3057\u59cb\u3081\u3066\u3001\u305d\u306e\u5f37\u5316\u3055\u308c\u305f\u6a5f\u80fd\u3092\u6d3b\u7528\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002  <\/p>\n<p>\u8a73\u7d30\u60c5\u5831: <a href=\"https:\/\/learn.microsoft.com\/defender-cloud-apps\/siem\" target=\"_blank\">  \u6c4e\u7528 SIEM \u7d71\u5408 &#8211; Microsoft Defender for Cloud Apps |\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8 \u30e9\u30fc\u30f3<\/a><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1077861 | Microsoft Defender for Cloud Apps: SIEM agents will retire Classification planForChange Last Updat [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11672","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/11672","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=11672"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/11672\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=11672"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=11672"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=11672"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}