Custom or third-party reporting solutions for Microsoft Defender for Office 365 Plan 2

Tip

Did you know you can try the features in Microsoft Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms on Try Microsoft Defender for Office 365.

Automated investigation and response (AIR) in Microsoft Defender for Office 365 Plan 2 returns detailed information about the results. For more information, see Details and results of automated investigation and response (AIR) in Microsoft Defender for Office 365 Plan 2.

However, some Microsoft 365 organizations use custom or third-party reporting solutions. Those organizations can use the Office 365 Management Activity APIs to integrate information from AIR into other reporting solutions.

| Resource | Description |
| --- | --- |
| Office 365 Management APIs overview | The Office 365 Management Activity API provides information about various user, admin, system, and policy actions and events from Microsoft 365 and Microsoft Entra activity logs. |
| Get started with Office 365 Management APIs | The Office 365 Management API uses Microsoft Entra ID to provide authentication services for your application to access Microsoft 365 data. Follow the steps in this article to set this up. |
| Office 365 Management Activity API reference | You can use the Office 365 Management Activity API to retrieve information about user, admin, system, and policy actions and events from Microsoft 365 and Microsoft Entra activity logs. Read this article to learn more about how this works. |
| Office 365 Management Activity API schema | Get an overview of the Common schema and the Defender for Office 365 and threat investigation and response schema to learn about specific kinds of data available through the Office 365 Management Activity API. |
