Domain synchronizer process "all entities from a specific Active Directory domain proactively"

bryanb 

You can find partial info here:

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/monitored-activities

I don't think there is an official list maintained in the docs, as it's very dynamic, and might change on a weekly basis.

For now the rule of thumb is there we may sync anything from AD about Users, Machines, Groups, Domains, Sites, Forests, Policies, Trusts, which is not a "Secret" like a password or a hash (which are also not interesting for detection).

Viewing the profile page of an entity you can also see some of the data we sync, although data displayed is not all the data synced.