---
title: Microsoft Defender for Cloud
description: Monitor Microsoft Defender for Cloud
---

# Microsoft Defender for Cloud
Integration version 1.0.0
## Overview{% #overview %}

Collect logs and alerts from [Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction).

Defender for Cloud is a cloud-native application protection platform (CNAPP) that monitors Microsoft Azure applications, gives insight into Azure security risks through cloud security posture management (CSPM), and protects Azure cloud workloads for servers, containers, storage, and databases (CWPP).

Enable Datadog Cloud SIEM to use out-of-the-box security rules to monitor your Azure environment alongside your other security infrastructure.

## Setup{% #setup %}

### Installation{% #installation %}

This integration requires that the Datadog Azure integration is enabled. It forwards logs to Datadog through Azure using event hubs. The log forwarder must be version `1.0.1` or later.

### Configuration{% #configuration %}

Configure Defender for Cloud to [continuously export logs](https://learn.microsoft.com/en-us/azure/defender-for-cloud/continuous-export?tabs=azure-portal) to the event hub. No additional configuration is needed within Datadog.

### Validation{% #validation %}

Follow [these instructions from Microsoft](https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation) to generate sample alerts in Defender for Cloud.

Defender for Cloud logs can be accessed using `source:microsoft-defender-for-cloud` in Log Management.

If using Datadog Cloud SIEM, confirm that the Microsoft Defender for Cloud detection rules are enabled:

1. In the Datadog menu, go to **Security** > **Configuration** and expand **Cloud SIEM**.
1. Select **Detection Rules**. On the right-hand side, click the **Group By** selector and select **Source** to group the detection rules by source.
1. Scroll down and expand the section titled **Azure**. Scroll through the list to find the Microsoft Defender for Cloud rules. Make sure the rules are toggled on.

## Data Collected{% #data-collected %}

### Metrics{% #metrics %}

Microsoft Defender for Cloud does not include any metrics.

### Service Checks{% #service-checks %}

Microsoft Defender for Cloud does not include any service checks.

### Events{% #events %}

Microsoft Defender for Cloud does not include any events.

## Troubleshooting{% #troubleshooting %}

To confirm that Cloud SIEM is receiving Defender for Cloud alerts, follow these steps:

1. In the Datadog menu, go to **Security** > **Configuration** and expand **Cloud SIEM**.
1. Select **Log Sources** and scroll down to **Azure**.
1. Review whether Microsoft Defender for Cloud is listed as **Installed**.
1. Inspect the column chart to confirm that logs are being received.
1. If logs are being received, go to **Logs** > **Search** and search for `source:microsoft-defender-for-cloud`. You may need to change the time window for logs to appear.
1. Inspect the logs and confirm that they are properly formed.

If you are still having trouble, contact [Datadog support](https://docs.datadoghq.com/help/).
