Forum Discussion
Yash_Mudaliar
Apr 02, 2021 (Iron Contributor)
365 Defender integration with Azure Sentinel not working
Hello folks, I have enabled the connector of 'Defender for Office 365' for my Sentinel, but it's been more than 15 days and it has not ingested any data at all. Can someone tell me what the issue is? ...
Yash_Mudaliar
Apr 03, 2021 (Iron Contributor)
Hello Jon,
Yes, that's how I got to know that the connector is not working. I have alerts getting generated daily in the S&C center but most of them are missing in Sentinel. In fact, there is not even a single event or log generated, which is bothering me the most.
Also, I have checked for the prerequisites and they are already in place.
Yash_Mudaliar
Apr 08, 2021 (Iron Contributor)
Got this sorted via an MSP ticket. It seems it only ingests some specific alert categories from Office 365 and not all.
- Humza_Bukhari, Sep 22, 2023 (Copper Contributor)
Can you please tell me how your issue was sorted? Because I am facing the same issue.
- Kishorebk, Apr 10, 2021 (Copper Contributor)
Hey @Yash
Would it be possible to share the list of specific alert categories which get ingested, and is there an option to ingest other alerts?
Kishore
- Yash_Mudaliar, Apr 10, 2021 (Iron Contributor)
Sure Kishore, below is the page that specifies the list of alerts:
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365-advanced-threat-protection
Regarding ingesting other alerts, the only way I have found is to define a logic app and specify the alert vendor as 'Office 365 Security and Compliance' and it works.
- Kishorebk, Apr 10, 2021 (Copper Contributor)
Thanks Yash
- Deleted, Apr 08, 2021
Hi Yash,
Can you answer my question?
- Yash_Mudaliar, Apr 10, 2021 (Iron Contributor)
Sorry mate, couldn't understand your question. Can you please elaborate?
- Deleted, Apr 13, 2021
If I use the license:
Microsoft Defender Advanced Threat Protection
Per endpoint, will this work to ingest telemetry data into Sentinel?
Or will I need to use this tool AND the Microsoft/agent log collector?
--
What do I need to send to CUSTOMER A to install on their endpoint?