Microsoft Defender for Office 365 (Preview)



| Attribute | Value |
| --- | --- |
| Connector ID | OfficeATP |
| Publisher | Microsoft |
| Used in Solutions | Microsoft Defender for Office 365 |
| Collection Method | Native |
| Connector Definition Files | template_OfficeATP.json |

Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.

The following types of alerts will be imported:

These alerts can be seen by Office customers in the **Office Security and Compliance Center**.

For more information, see the Microsoft Sentinel documentation.

Tables Ingested

This connector ingests data into the following tables:

Table Transformations Ingestion API Lake-Only
SecurityAlert ?

Permissions

Resource Provider Permissions:
- Workspace (Workspace): read and write permissions.

Licenses:
- Office Advanced Threat Protection

Tenant Permissions: Requires GlobalAdmin, SecurityAdmin on the workspace's tenant

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. Connect Microsoft Defender for Office 365 alerts to Microsoft Sentinel

Connecting Microsoft Defender for Office 365 causes the data collected by the Microsoft Defender for Office 365 service to be stored and processed in the location where you have configured your Microsoft Sentinel workspace.

- Connect Microsoft Defender for Office 365

