Forum Discussion
Solved
365 Defender integration with Azure Sentinel not working
Hello folks, I have enabled the connector of 'Defender for Office 365' for my sentinel but it's more than 15 days and it has not ingested any data at all. Can someone tell what's the issue? ...
- Got this sorted via an MSP ticket. It seems it only ingests some specific alert categories from Office 365 and not all.
Hello Yash,
Have you checked to see if you have any alerts in protection.office.com? The connector only receives a log entry for an actual alert.
Also - Prerequisites
To integrate with Microsoft Defender for Office 365 (Preview) make sure you have:
Workspace: read and write permissions are required.
Tenant Permissions: required 'Global Administrator' or 'Security Administrator' on the workspace's tenant.
License: required Microsoft Defender for Office 365 Plan 2 (included with the Office 365 E5, Office 365 A5, and Microsoft 365 E5 licenses, and available for purchase separately)
Thank You
Jon Bub
Arbala Security
Have you checked to see if you have any alerts in protection.office.com? The connector only receives a log entry for an actual alert.
Also - Prerequisites
To integrate with Microsoft Defender for Office 365 (Preview) make sure you have:
Workspace: read and write permissions are required.
Tenant Permissions: required 'Global Administrator' or 'Security Administrator' on the workspace's tenant.
License: required Microsoft Defender for Office 365 Plan 2 (included with the Office 365 E5, Office 365 A5, and Microsoft 365 E5 licenses, and available for purchase separately)
Thank You
Jon Bub
Arbala Security
Hi Jon,
Would stand-alone defender licenses suffice Per endpoint?
Thanks.
BF
Would stand-alone defender licenses suffice Per endpoint?
Thanks.
BF