Previous Articles

Part 1: Microsoft Sentinel Implementation a Deep Dive – Part 1: Workspace Deployment

Part 2: Microsoft Sentinel Implementation a Deep Dive – Part 2: Microsoft Sentinel Deployment

Part 3: Microsoft Sentinel Implementation a Deep Dive – Part 3: Configuring Data Connectors

Part 5: Microsoft Sentinel Implementation a Deep Dive – Part 5: Validating the Microsoft Sentinel Deployment

Installing and Configuring Microsoft 365 Connector to Microsoft Sentinel

In this article, we will see how to integrate Microsoft 365 logs with the Log Analytics workspace and Microsoft Sentinel.

Go to Microsoft Sentinel, open the Content hub, search for the Microsoft 365 data connector, and install it.

Once installed, click on Manage.

Click on Manage.

Select Exchange, SharePoint and Teams, then click on Apply changes.

Once the data connector is configured with these presets, it will start collecting the logs.

Testing Microsoft 365 Data Connector

Under Analytics, click on Rule templates and search for Mail redirect via ExO transport rule.

Click on Create rule.

Enter a name as per your requirement and click on Set rule logic.

Leave the rule query as it is, select a query interval of 1 hour, and click on Incident settings.

Enable the Incident settings and the Automated responses.

Create an automation rule with the action Assign owner, so that the incident is assigned to your account.

Once the rule is created and matching logs are found, you can see the incident it creates.

You can see the assigned owner and the status of the incident.

You can see more details if you click on Investigate,

and more details as follows.

Below is the transport rule used to test the log generation and incident creation.
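To show what the analytics rule above is actually matching when the test transport rule fires, here is an added example (not the blog's code and not the Sentinel rule template's KQL) that applies the same detection idea in Python over a few constructed records shaped like rows of the OfficeActivity table. The field names (OfficeWorkload, Operation, UserId, OfficeObjectId, Parameters as a JSON string of Name/Value pairs) and the redirect parameter names (BlindCopyTo, RedirectMessageTo) are assumptions taken from the public Office 365 audit schema; verify them against your own workspace with a quick `OfficeActivity | take 10` before relying on them.

```python
import json
from typing import Dict, List

# Constructed sample records, shaped like OfficeActivity rows (field names assumed).
# Record 1 is what the test transport rule in this article would typically produce.
SAMPLE_RECORDS = [
    {
        "TimeGenerated": "2024-01-01T10:00:00Z",
        "OfficeWorkload": "Exchange",
        "Operation": "New-TransportRule",
        "UserId": "admin@contoso.example",
        "OfficeObjectId": "",
        "Parameters": json.dumps([
            {"Name": "Name", "Value": "Sentinel test redirect"},
            {"Name": "From", "Value": "user@contoso.example"},
            {"Name": "RedirectMessageTo", "Value": "external-mailbox@example.net"},
        ]),
    },
    {
        # Set-TransportRule: the rule name is carried in OfficeObjectId, not in Parameters.
        "TimeGenerated": "2024-01-01T10:05:00Z",
        "OfficeWorkload": "Exchange",
        "Operation": "Set-TransportRule",
        "UserId": "admin@contoso.example",
        "OfficeObjectId": "Existing rule",
        "Parameters": json.dumps([
            {"Name": "Identity", "Value": "Existing rule"},
            {"Name": "BlindCopyTo", "Value": "archive@contoso.example"},
        ]),
    },
    {
        # Benign: a transport rule that only tags the subject, no redirect or BCC.
        "TimeGenerated": "2024-01-01T10:10:00Z",
        "OfficeWorkload": "Exchange",
        "Operation": "New-TransportRule",
        "UserId": "admin@contoso.example",
        "OfficeObjectId": "",
        "Parameters": json.dumps([
            {"Name": "Name", "Value": "Tag external mail"},
            {"Name": "PrependSubject", "Value": "[EXT] "},
        ]),
    },
    {
        # Out of scope: SharePoint activity is not Exchange and must be ignored.
        "TimeGenerated": "2024-01-01T10:15:00Z",
        "OfficeWorkload": "SharePoint",
        "Operation": "FileAccessed",
        "UserId": "user@contoso.example",
        "OfficeObjectId": "https://contoso.example/doc.docx",
        "Parameters": "[]",
    },
]

# Parameter names that send a copy of mail somewhere else (assumed names).
REDIRECT_PARAMS = {"blindcopyto", "redirectmessageto"}
# Operations that create or modify an Exchange Online transport rule.
WATCHED_OPERATIONS = {"new-transportrule", "set-transportrule"}


def parse_parameters(raw: str) -> Dict[str, str]:
    """Turn the Parameters JSON string into a {name: value} map (names lower-cased).

    Malformed or empty JSON yields an empty map rather than an exception, so one
    bad record cannot stop the whole scan.
    """
    try:
        items = json.loads(raw) if raw else []
    except json.JSONDecodeError:
        return {}
    return {
        str(p.get("Name", "")).lower(): str(p.get("Value", ""))
        for p in items
        if isinstance(p, dict)
    }


def find_mail_redirect_rules(records: List[dict]) -> List[dict]:
    """Return one hit per Exchange transport-rule change that redirects or BCCs mail."""
    hits = []
    for rec in records:
        if rec.get("OfficeWorkload") != "Exchange":
            continue
        op = str(rec.get("Operation", "")).lower()
        if op not in WATCHED_OPERATIONS:
            continue
        params = parse_parameters(rec.get("Parameters", ""))
        redirects = sorted(v for n, v in params.items() if n in REDIRECT_PARAMS and v)
        if not redirects:
            continue
        # Set-TransportRule names the rule via OfficeObjectId; New-TransportRule via Name.
        rule_name = rec.get("OfficeObjectId", "") if op == "set-transportrule" else params.get("name", "")
        hits.append({
            "TimeGenerated": rec.get("TimeGenerated"),
            "Operation": rec.get("Operation"),
            "UserId": rec.get("UserId"),
            "RuleName": rule_name,
            "RedirectTo": redirects,
        })
    return hits


if __name__ == "__main__":
    for hit in find_mail_redirect_rules(SAMPLE_RECORDS):
        print(hit)
```

Running it lists only the two rule changes that carry a redirect or BCC target, which is the same population the Sentinel analytics rule turns into an incident; the subject-tagging rule and the SharePoint row drop out. If the connector is healthy but the rule never fires, run the equivalent filter in Log Analytics on OfficeActivity first: no rows there means the connector or the Exchange preset is the problem, not the analytics rule.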