Microsoft Defender for Office 365 for Azure Sentinel Now Available

Just a heads-up that the consolidated Microsoft Defender Data Connector for Azure Sentinel has received an upgrade today.

For many months, the only connection available through this all-in-one connector was Defender for Endpoint. Today, Azure Sentinel customers can also connect Defender for Office 365 (MDO).

Microsoft Defender for Office 365!

This new connection enables data to flow to Azure Sentinel for the following sources:

EmailAttachmentInfo: Information about files attached to emails
EmailEvents: Microsoft 365 email events, including email delivery and blocking events
EmailPostDeliveryEvents: Security events that occur post-delivery, after Microsoft 365 has delivered the emails to the recipient mailbox
EmailUrlInfo: Information about URLs on emails

Enabling the new capability is easy. Just put checkmarks in the log file boxes and then tap or click the Apply Changes button at the bottom of the Data Connector page.

Don’t forget to save it!

The documentation for this connector is also available:

