Forum Discussion

GI472's avatar
GI472
Brass Contributor
Nov 29, 2023
Solved

Why are these alerts in Microsoft Purview and not in Microsoft Defender for Endpoint?

Hi all,   I'm hoping this might be an obvious thing that I'm missing, so apologies in advance for asking!   I regularly see alerts in Purview for a user creating a new/amending an email forwardin...
  • BillClarksonAntill's avatar
    BillClarksonAntill
    Nov 30, 2023

    Hey GI472

     

    Answers are in red for you

     

    • Where is Purview pulling this data from? - Data is pulled from the Azure Service Fabric, Sharepoint, Azure Platform etc. Purview views data from an enterprise level rather than an individual service
    • Why is Defender not pulling this data down and alerting? - Defender will alert based on the Microsoft Defender products, so more security then compliance/data focused 
    • Should it be? - you can integrate Microsoft Purview Information protection into Sentinel if u want to see alerts generated within the Microsoft Security Stack. Sentinel provides you with an all eyes view of all security related alerts from the Defender Stack, Purview etc into one place
    • And how do I turn on the data stream/create alerts for this activity? - If u want to stream data and create alerts, you can use Sentinel to enable the data connector for Purview and alert, stream data etc into your sentinel workspace to look at

    Hope this helps

BillClarksonAntill's avatar
BillClarksonAntill
Iron Contributor
Nov 30, 2023

Hey GI472

 

Answers are in red for you

 

  • Where is Purview pulling this data from? - Data is pulled from the Azure Service Fabric, Sharepoint, Azure Platform etc. Purview views data from an enterprise level rather than an individual service
  • Why is Defender not pulling this data down and alerting? - Defender will alert based on the Microsoft Defender products, so more security then compliance/data focused 
  • Should it be? - you can integrate Microsoft Purview Information protection into Sentinel if u want to see alerts generated within the Microsoft Security Stack. Sentinel provides you with an all eyes view of all security related alerts from the Defender Stack, Purview etc into one place
  • And how do I turn on the data stream/create alerts for this activity? - If u want to stream data and create alerts, you can use Sentinel to enable the data connector for Purview and alert, stream data etc into your sentinel workspace to look at

Hope this helps

Resources