Just a heads-up that the consolidated Microsoft Defender Data Connector for Azure Sentinel has received an upgrade today.
For many months, the only connection available in this all-in-one connector was Defender for Endpoint. As of today, Azure Sentinel customers can also connect Defender for Office 365 (MDO).
This new connection enables data to flow to Azure Sentinel for the following sources:
| Table | Description |
| --- | --- |
| EmailAttachmentInfo | Information about files attached to emails |
| EmailEvents | Microsoft 365 email events, including email delivery and blocking events |
| EmailPostDeliveryEvents | Security events that occur post-delivery, after Microsoft 365 has delivered the emails to the recipient mailbox |
| EmailUrlInfo | Information about URLs on emails |
Enabling the new capability is easy. Just put checkmarks in the log file boxes and then tap or click the Apply Changes button at the bottom of the Data Connector page.
The documentation for this connector is also available: https://cda.ms/2X2
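Once the four tables are populating, a query like the following both confirms ingestion and puts the data to work: it lists messages that were delivered and then acted on post-delivery, along with the URLs and attachments they carried. This is an added example, not part of the original post or the connector documentation; column names follow the Microsoft 365 Defender advanced hunting schema for these tables, and the 7-day lookback is an assumed value.

```kusto
// Added example: delivered emails that later received a post-delivery action,
// enriched with URLs and attachment names from the other two tables.
let lookback = 7d;   // assumed window, adjust to your retention
let urls = EmailUrlInfo
    | where TimeGenerated > ago(lookback)
    | summarize Urls = make_set(Url, 20) by NetworkMessageId;
let attachments = EmailAttachmentInfo
    | where TimeGenerated > ago(lookback)
    | summarize Attachments = make_set(FileName, 20) by NetworkMessageId;
EmailPostDeliveryEvents
| where TimeGenerated > ago(lookback)
| project PostDeliveryTime = TimeGenerated, NetworkMessageId,
          RecipientEmailAddress, ActionType, ActionResult
| join kind=inner (
    EmailEvents
    | where TimeGenerated > ago(lookback)
    | where DeliveryAction == "Delivered"
    | project DeliveredTime = TimeGenerated, NetworkMessageId,
              RecipientEmailAddress, SenderFromAddress, Subject, ThreatTypes
  ) on NetworkMessageId, RecipientEmailAddress
// Left outer joins keep messages that had no URLs or no attachments.
| join kind=leftouter urls on NetworkMessageId
| join kind=leftouter attachments on NetworkMessageId
| project DeliveredTime, PostDeliveryTime, RecipientEmailAddress,
          SenderFromAddress, Subject, ThreatTypes, ActionType,
          ActionResult, Urls, Attachments
| order by PostDeliveryTime desc
```

An empty result with no error means the tables exist but nothing matched in the window; a "failed to resolve table" error means that table has not been enabled in the connector yet.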