How to integrate an o365 mailbox with Microsoft Sentinel?

Vinay babu Pamu 0 Reputation points
2023-04-05T14:35:07.0566667+00:00

How to integrate an o365 mailbox with Microsoft Sentinel? So that whenever a new email arrives in this mailbox, Sentinel automatically generates an alert.


2 answers

  1. Andrew Blumhardt 10,051 Reputation points Microsoft Employee
    2023-04-05T15:26:10.6+00:00

    That sounds feasible. Create a logic app using a scheduled trigger to get emails from an email-enabled account using the built-in M365 connector, then send the alert to Sentinel. All of the building blocks are available as logic app activities.

    1 person found this answer helpful.

  2. Alistair Ross 7,466 Reputation points Microsoft Employee
    2023-04-21T08:54:05.0433333+00:00

    Another and easier way would be to use Custom Detections in M365 Defender. If you are using Defender for Office, you can set up a simple query, such as the one below, that alerts on every mail that reaches the mailbox.

    EmailEvents
    | where RecipientEmailAddress == "******@contoso.com"

    Using the M365 Defender connector in Sentinel, the alerts can then be sent directly to Sentinel and raised as incidents at no additional cost, with the raw logs left in M365 Defender. Alistair

    1 person found this answer helpful.
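As an added example (not part of Alistair's answer), a fuller form of the same custom detection query: it keeps the recipient filter, bounds the lookback to the rule's run interval, and projects the columns a custom detection rule needs in its results (Timestamp, ReportId and an entity column such as RecipientEmailAddress). The mailbox address is a constructed placeholder.

```kql
// Added example, not from the original answer.
// Custom detection rules in M365 Defender require the result set to contain
// Timestamp, ReportId and at least one entity column; RecipientEmailAddress
// satisfies the entity requirement and also lets the alert carry the mailbox.
let MonitoredMailbox = "shared-mailbox@contoso.com";   // placeholder: replace with the real mailbox
let Lookback = 1h;                                     // align with the rule's run frequency
EmailEvents
| where Timestamp > ago(Lookback)
| where RecipientEmailAddress =~ MonitoredMailbox      // =~ is a case-insensitive compare
// One EmailEvents row exists per recipient per message, so filtering on a single
// recipient already yields one row per delivered message.
| project
    Timestamp,
    ReportId,
    NetworkMessageId,
    InternetMessageId,
    SenderFromAddress,
    SenderMailFromAddress,
    RecipientEmailAddress,
    Subject,
    DeliveryAction,
    DeliveryLocation,
    ThreatTypes
| order by Timestamp desc
```

Once the rule fires, the alerts reach Sentinel through the Microsoft 365 Defender connector described in the answer; the projected sender, subject and delivery fields appear in the alert's evidence, so an analyst can triage without opening Defender.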
