Previous Articles
Part 1: Microsoft Sentinel Implementation a Deep Dive – Part 1: Workspace Deployment
Part 2: Microsoft Sentinel Implementation a Deep Dive – Part 2: Microsoft Sentinel Deployment
Part 3: Microsoft Sentinel Implementation a Deep Dive – Part 3: Configuring Data Connectors
Part 5: Microsoft Sentinel Implementation a Deep Dive – Part 5: Validating the Microsoft Sentinel Deployment
Installing and Configuring Microsoft 365 Connector to Microsoft Sentinel
- In this article, we will see how to integrate Microsoft 365 logs with the Log Analytics workspace and Microsoft Sentinel.
- Go to Microsoft Sentinel, search for the Microsoft 365 data connector under Content hub, and install it.
Once installed, click on Manage.
Select Exchange, SharePoint and Teams, and click on Apply Changes.
Once the data connector is configured with these presets, it starts collecting the logs.
Testing Microsoft 365 Data Connector
Under Analytics, click on Rule templates and search for Mail redirect via ExO transport rule.
Click on Create rule.
Enter a Name as per your requirement and click on Set rule logic.
Leave the rule query as it is, select a 1 hour query interval, and click on Incident settings.
Enable the Incident settings and Automated responses
Create an automation rule whose action assigns the incident owner to your account.
Once the rule is created and matching logs are found, you can see the incident it created, along with the assigned owner and the status of the incident.
You can see more details if you click Investigate, and further details follow below.
Below is the transport rule used to test the log generation and incident creation.
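The rule template used above fires on Exchange admin audit events in the OfficeActivity table where a transport rule is created or changed with a redirect or blind-copy target. The following Python script is an added example written for this article, not the template's own KQL and not code from the original post: it applies that same matching logic to a handful of constructed OfficeActivity-shaped records, so you can see what the analytic rule is looking for before the test transport rule above produces a real incident. The record layout (Parameters as a JSON-encoded array of Name/Value objects), the parameter names RedirectMessageTo and BlindCopyTo, the sample addresses and the INTERNAL_DOMAINS list are assumptions for the example; check them against your workspace schema and accepted domains.

```python
import json

# Constructed sample rows shaped like Microsoft Sentinel's OfficeActivity table for
# Exchange admin audit events. Assumption: Parameters is a JSON-encoded array of
# {"Name": ..., "Value": ...} objects, as it appears for Exchange cmdlet audits.
SAMPLE_RECORDS = [
    {  # transport rule that redirects mail to an outside mailbox: should be flagged
        "TimeGenerated": "2024-01-10T09:12:00Z", "OfficeWorkload": "Exchange",
        "Operation": "New-TransportRule", "UserId": "admin@contoso.example",
        "Parameters": json.dumps([
            {"Name": "Name", "Value": "Test redirect rule"},
            {"Name": "RedirectMessageTo", "Value": "mailbox@outside.example"},
        ]),
    },
    {  # existing rule modified to BCC an internal mailbox: flagged, but not external
        "TimeGenerated": "2024-01-10T09:15:00Z", "OfficeWorkload": "Exchange",
        "Operation": "Set-TransportRule", "UserId": "admin@contoso.example",
        "Parameters": json.dumps([
            {"Name": "Identity", "Value": "Archive copy"},
            {"Name": "BlindCopyTo", "Value": "archive@contoso.example"},
        ]),
    },
    {  # benign transport rule with no redirect/BCC parameters: not flagged
        "TimeGenerated": "2024-01-10T09:20:00Z", "OfficeWorkload": "Exchange",
        "Operation": "New-TransportRule", "UserId": "admin@contoso.example",
        "Parameters": json.dumps([
            {"Name": "Name", "Value": "Add disclaimer"},
            {"Name": "ApplyHtmlDisclaimerText", "Value": "External mail"},
        ]),
    },
    {  # SharePoint event: wrong workload, ignored even though Parameters is empty
        "TimeGenerated": "2024-01-10T09:25:00Z", "OfficeWorkload": "SharePoint",
        "Operation": "FileDownloaded", "UserId": "user@contoso.example",
        "Parameters": "",
    },
]

# Cmdlets that create or modify Exchange Online transport rules
RULE_OPERATIONS = {"New-TransportRule", "Set-TransportRule"}
# Parameters that send a copy of, or divert, matching mail to another mailbox
REDIRECT_PARAMETERS = {"RedirectMessageTo", "BlindCopyTo"}
# Assumption: the tenant's accepted domains; anything else counts as external
INTERNAL_DOMAINS = {"contoso.example"}


def parse_parameters(raw):
    """Decode the Parameters column into {name: value}; tolerate empty or malformed input."""
    if not raw:
        return {}
    try:
        items = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return {}
    if not isinstance(items, list):
        return {}
    return {p.get("Name"): p.get("Value") for p in items if isinstance(p, dict)}


def is_external(address):
    """True when the address's domain is not one of the tenant's own domains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def find_mail_redirect_rules(records):
    """Return one finding per redirect/BCC parameter seen on a transport-rule cmdlet."""
    findings = []
    for rec in records:
        if rec.get("OfficeWorkload") != "Exchange":
            continue
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = parse_parameters(rec.get("Parameters"))
        for name in sorted(REDIRECT_PARAMETERS.intersection(params)):
            # a single value may carry several addresses separated by commas
            targets = [t.strip() for t in str(params[name]).split(",") if t.strip()]
            findings.append({
                "time": rec["TimeGenerated"],
                "actor": rec.get("UserId"),
                "operation": rec["Operation"],
                "rule": params.get("Name") or params.get("Identity"),
                "parameter": name,
                "targets": targets,
                "external": any(is_external(t) for t in targets),
            })
    return findings


if __name__ == "__main__":
    for finding in find_mail_redirect_rules(SAMPLE_RECORDS):
        print(finding)
```

Running the script lists two findings: the redirect to the outside mailbox (marked external) and the internal blind copy; the disclaimer rule and the SharePoint download are ignored. The external flag is the piece worth carrying into triage: a blind copy to an internal archive mailbox is often legitimate, while a redirect to a domain the tenant does not own is the case the template's incident is meant to surface.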