Connect the Microsoft Office 365 connector
The Microsoft Defender XDR connector provides insight into the suite of Microsoft Defender products including Microsoft Defender for Office 365. You'll collect data on ongoing user activities such as file downloads, access requests sent, changes to group events, set-mailbox, and details of the user who performed the actions.
To view the connector page, do these steps:
In the Microsoft Sentinel left navigation menu expand Configuration, and Select Data connectors.
Select Microsoft Defender XDR.
Then select the Open connector page on the preview pane.
Review the Description and Data types tabs to understand the data that is ingested.
In the Instructions tab, verify that you meet the Prerequisites.
In the Instructions tab, under the section labeled Configuration, select the Connect incidents and alerts button.
Wait until validation is complete and the button changes to Disconnect.
