Previous Articles

Part 1: Microsoft Sentinel Implementation a Deep Dive – Part 1: Workspace Deployment

Part 2: Microsoft Sentinel Implementation a Deep Dive – Part 2: Microsoft Sentinel Deployment

Part 3: Microsoft Sentinel Implementation a Deep Dive – Part 3: Configuring Data Connectors

Part 4: Microsoft Sentinel Implementation a Deep Dive – Part 4: Deploy VM to Validate the Microsoft Sentinel Deployment

Part 5: Microsoft Sentinel Implementation a Deep Dive – Part 5: Validating the Microsoft Sentinel Deployment


Installing and Configuring Microsoft 365 Connector to Microsoft Sentinel


In this article, we integrate the Microsoft 365 audit logs (Exchange Online, SharePoint Online and Microsoft Teams) with the Log Analytics workspace and Microsoft Sentinel through the Microsoft 365 data connector.

Go to Microsoft Sentinel, open Content hub, search for the Microsoft 365 solution and install it.

Sentinel-6-1

Once it is installed, click Manage.

Sentinel-6-2

On the solution page, click Manage again to open the Microsoft 365 data connector.

Sentinel-6-3

Select Exchange, SharePoint and Teams and click Apply Changes.

Sentinel-6-4

Once the data connector is configured with these presets, it starts collecting the audit logs into the OfficeActivity table of the workspace. The connector reads the tenant's unified audit log, so auditing must be enabled in Microsoft 365, and the first events can take a while to appear after the connector is enabled.


Testing Microsoft 365 Data Connector

Under Analytics, click Rule templates and search for "Mail redirect via ExO transport rule".

Sentinel-6-5

Click Create rule.

Sentinel-6-7

Enter a name as required and click Set rule logic.

Sentinel-6-8

Leave the rule query as it is, set the query to run every 1 hour, and click Incident settings.


Sentinel-6-9

Enable incident creation under Incident settings, then move on to Automated response.

Sentinel-6-10

Create an automation rule with the action "Assign owner" set to your own account, so that every incident this analytics rule creates is assigned to you.

Sentinel-6-11

Once the rule is created and matching logs are found, the incident is created and is listed under Incidents.


Sentinel-6-13

You can see the assigned owner and the status of the incident.

Sentinel-6-14

Click Investigate to see more details.

Sentinel-6-15

Further details of the incident are shown below.

Sentinel-6-17

Below is the transport rule used to test log generation and incident creation. The rule really does redirect mail, so delete it once the test is done; it is also worth remembering that the analytics rule fires on legitimate administrative changes of the same kind, so each incident needs a quick check of who created the rule and where the mail is going.

Sentinel-6-17

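The rule template's own query is left unchanged in the steps above. What follows is an added Python example, not code from the article or from Microsoft, that shows what a rule of this kind looks for by running the same logic over a few constructed OfficeActivity rows: Exchange New-TransportRule or Set-TransportRule operations whose Parameters set BlindCopyTo or RedirectMessageTo. The column names follow the OfficeActivity table as the Microsoft 365 connector populates it; the sample records, the tenant domain, the 1-hour lookback mirroring the schedule chosen above, and the severity split between internal and external recipients are assumptions made for this example.

```python
import json
from datetime import datetime, timedelta

# Constructed sample rows in the shape of Sentinel's OfficeActivity table, as the
# Microsoft 365 connector fills it from Exchange admin audit events. These are
# made-up records for the example, not data from the tenant in the article.
SAMPLE_OFFICE_ACTIVITY = [
    {   # new transport rule that redirects the CFO's mail to an outside mailbox
        "TimeGenerated": "2024-03-01T10:05:00Z",
        "OfficeWorkload": "Exchange",
        "Operation": "New-TransportRule",
        "UserId": "admin@contoso.example",
        "OfficeObjectId": "",
        "Parameters": json.dumps([
            {"Name": "Name", "Value": "Forward finance mail"},
            {"Name": "From", "Value": "cfo@contoso.example"},
            {"Name": "RedirectMessageTo", "Value": "drop@evil.example"},
        ]),
    },
    {   # existing rule modified to BCC every message to an internal mailbox
        "TimeGenerated": "2024-03-01T10:20:00Z",
        "OfficeWorkload": "Exchange",
        "Operation": "Set-TransportRule",
        "UserId": "helpdesk@contoso.example",
        "OfficeObjectId": "Archive rule",
        "Parameters": json.dumps([
            {"Name": "Identity", "Value": "Archive rule"},
            {"Name": "BlindCopyTo", "Value": "shadow@contoso.example"},
        ]),
    },
    {   # benign rule: only tags the subject, no redirect or BCC
        "TimeGenerated": "2024-03-01T10:30:00Z",
        "OfficeWorkload": "Exchange",
        "Operation": "New-TransportRule",
        "UserId": "admin@contoso.example",
        "OfficeObjectId": "",
        "Parameters": json.dumps([
            {"Name": "Name", "Value": "Tag external mail"},
            {"Name": "FromScope", "Value": "NotInOrganization"},
            {"Name": "PrependSubject", "Value": "[EXTERNAL] "},
        ]),
    },
    {   # unrelated SharePoint event delivered by the same connector
        "TimeGenerated": "2024-03-01T10:40:00Z",
        "OfficeWorkload": "SharePoint",
        "Operation": "FileDownloaded",
        "UserId": "user@contoso.example",
        "OfficeObjectId": "https://contoso.example/sites/hr/payroll.xlsx",
        "Parameters": "",
    },
]

TENANT_DOMAINS = {"contoso.example"}          # assumed accepted domains of the tenant
WATCHED_OPERATIONS = {"new-transportrule", "set-transportrule"}
EXFIL_PARAMETERS = {"blindcopyto", "redirectmessageto"}


def parse_parameters(raw):
    """Turn the Parameters JSON array ([{"Name":..,"Value":..}, ...]) into a
    lower-cased name -> value dict. Empty or malformed input yields {}."""
    try:
        items = json.loads(raw) if raw else []
    except json.JSONDecodeError:
        return {}
    if not isinstance(items, list):
        return {}
    return {str(i.get("Name", "")).lower(): i.get("Value")
            for i in items if isinstance(i, dict)}


def is_external(address):
    """True when the recipient's domain is not one of the tenant's domains."""
    return address.rsplit("@", 1)[-1].lower() not in TENANT_DOMAINS


def _to_dt(iso):
    # OfficeActivity timestamps are UTC; fromisoformat needs +00:00 rather than Z
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def transport_rule_name(record, params):
    # Set-TransportRule records the rule in OfficeObjectId; New-TransportRule only
    # carries it in the -Name parameter.
    if record["Operation"].lower() == "set-transportrule":
        return record.get("OfficeObjectId") or params.get("identity", "unknown")
    return params.get("name", "unknown")


def detect_mail_redirect_rules(records, now=None, lookback=timedelta(hours=1)):
    """Return one finding per Exchange transport-rule creation or change inside the
    lookback window (no window when now is None) that sets BlindCopyTo or
    RedirectMessageTo. A redirect to a non-tenant domain is rated High."""
    window_end = _to_dt(now) if now else None
    findings = []
    for rec in records:
        if window_end is not None:
            when = _to_dt(rec["TimeGenerated"])
            if not (window_end - lookback <= when <= window_end):
                continue
        if rec.get("OfficeWorkload") != "Exchange":
            continue
        if rec.get("Operation", "").lower() not in WATCHED_OPERATIONS:
            continue
        params = parse_parameters(rec.get("Parameters"))
        targets = {k: v for k, v in params.items() if k in EXFIL_PARAMETERS and v}
        if not targets:
            continue
        external = any(is_external(str(v)) for v in targets.values())
        findings.append({
            "TimeGenerated": rec["TimeGenerated"],
            "Operation": rec["Operation"],
            "Actor": rec["UserId"],
            "RuleName": transport_rule_name(rec, params),
            "Targets": targets,
            "Severity": "High" if external else "Medium",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_mail_redirect_rules(SAMPLE_OFFICE_ACTIVITY):
        print(finding)
```

Run as-is it prints two findings: the external redirect created by admin@contoso.example and the internal BCC added to "Archive rule" by the helpdesk account, while the subject-tagging rule and the SharePoint download are ignored. Passing now="2024-03-01T11:15:00Z" applies the 1-hour window of the schedule above and leaves only the 10:20 change. In Sentinel the same check is the template's KQL over OfficeActivity; the internal/external split is the tuning most teams add first, since a BCC to an internal journaling mailbox is routine while a redirect to an outside domain almost never is.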
