Microsoft Defender for Office 365 (Preview) connector for Microsoft Sentinel

Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.

The following types of alerts will be imported:

  • A potentially malicious URL click was detected
  • Email messages containing malware removed after delivery
  • Email messages containing phish URLs removed after delivery
  • Email reported by user as malware or phish
  • Suspicious email sending patterns detected
  • User restricted from sending email

These alerts can be seen by Office customers in the ** Office Security and Compliance Center**.

For more information, see the Microsoft Sentinel documentation.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) SecurityAlert (OATP)
Data collection rules support Not currently supported
Supported by Microsoft Corporation

Next steps

For more information, go to the related solution in the Azure Marketplace.