Office 365 ATP connector for Azure Sentinel [Public Preview]
Nice to see the Office 365 Advanced Threat Protection connector for Azure Sentinel !
Description
Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Office 365 ATP alerts into Azure Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.
The following types of alerts will be imported:
- A potentially malicious URL click was detected
- Email messages containing malware removed after delivery
- Email messages containing phish URLs removed after delivery
- Email reported by user as malware or phish
- Suspicious email sending patterns detected
- User restricted from sending email
These alerts can be seen by Office customers in the Office Security and Compliance Center.
Prerequisites
- Workspace: read and write permissions are required.
- Tenant Permissions: required ‘Global Administrator’ or ‘Security Administrator’ on the workspace’s tenant.
- License: Office 365 ATP Plan 2
Configuration
- Go to the portal Azure AD
- Go on Azure Sentinel
- In the Data connector section, search for Office 365 Advanced Threat Protection (Preview)
- Click on Open connector page
- Click on Connect
No Comments