Forum Discussion
Why are these alerts in Microsoft Purview and not Microsoft Defender for Endpoint?
Hi all, I'm hoping this might be an obvious thing that I'm missing, so apologies in advance for asking! I regularly see alerts in Purview for a user creating a new/amending an email forwardin...
Hi!
Where is Purview pulling this data from?
--> Threat detection in Office 365 Security & Compliance (you can check the source within the alert in Purview or in Defender XDR)
Why is Defender not pulling this data down and alerting?
--> It does, maybe you need to activate the rule and set the alert: see under Defender XDR, Cloud Apps, Policy Management -> Suspicious inbox forwarding
And how do I turn on the data stream/create alerts for this activity?
--> In the settings of the above suspicious inbox forwarding rule
Hope that helps... the questions "Should it be?" and "How do I check whether the this connection is enabled, and if not, where and how do I enable it?!?" I did not understand.
Hi adiii and BillClarksonAntill
It turns out that Defender was showing these alerts as well, but I has set my filter to not show informational only. Doh!
It turns out that Defender was showing these alerts as well, but I has set my filter to not show informational only. Doh!