Welcome to connecting Azure Sentinel to Microsoft 365. In this lesson, we'll take a look at the different Microsoft 365 services that Azure Sentinel can be connected to.

Now, before we get into the specifics of each of the Microsoft 365 services, let's just take a quick look at the generic overview process of how Azure Sentinel connects to data sources. We've already established that Azure Sentinel pulls data in from different services and apps by connecting to them and then forwarding events and logs into Azure Sentinel. To connect to the different data sources in your environment, including Microsoft 365 data sources, you use the data connectors page in Azure Sentinel. From the data connectors page, you can open the data connectors gallery, which is a list of all of the different data sources that you can connect to. From here, you can select the data source you are most interested in. Once you connect Azure Sentinel to your data source, you can then stream logs from that data source into Azure Sentinel.

Azure Sentinel comes with a Microsoft 365 Defender connector. This allows you to connect Azure Sentinel to Microsoft 365 Defender, which was actually formerly known as Microsoft Threat Protection. This connector includes incident integration and allows you to stream all Microsoft 365 Defender incidents and alerts into Azure Sentinel. It also ensures that the incidents between both portals, meaning the Microsoft 365 Defender portal and Azure Sentinel, are synchronized. The Microsoft 365 Defender connector also allows you to stream advanced hunting events from Microsoft Defender for Endpoint into Azure Sentinel as well. Visit the URL on your screen to read more about integration with Microsoft 365 Defender.

Another Microsoft 365 service that you can connect to from Azure Sentinel is Microsoft Defender for Endpoint. Azure Sentinel's Microsoft Defender for Endpoint connector can be used to stream alerts from Microsoft Defender for Endpoint into Azure Sentinel. This allows you to analyze security events across the organization, and it also allows you to build playbooks to facilitate a more effective and immediate response to threats. The URL on your screen provides more information about integration with Microsoft Defender for Endpoint.

Azure Sentinel's Office 365 log connector allows you to pull in ongoing user and admin activities in Exchange, SharePoint, OneDrive, and Teams into Azure Sentinel. The information that gets pulled in includes things like file downloads, access requests sent, mailbox operations, team events, and many other important bits of Office 365 information.