Microsoft 365 connector for Microsoft Sentinel

The Microsoft 365 (formerly, Office 365) activity log connector provides insight into ongoing user activities. You will get details of operations such as file downloads, access requests sent, changes to group events, set-mailbox and details of the user who performed the actions. By connecting Microsoft 365 logs into Microsoft Sentinel you can use this data to view dashboards, create custom alerts, and improve your investigation process. For more information, see the Microsoft Sentinel documentation.

Connector attributes

Connector attribute Description
Log Analytics table(s) OfficeActivity (SharePoint)
OfficeActivity (Exchange)
OfficeActivity (Teams)
Data collection rules support Not currently supported
Supported by Microsoft Corporation

Next steps

For more information, go to the related solution in the Azure Marketplace.