Forum Discussion
roopesh_shetty
Jan 13, 2020 (Copper Contributor)
email service monitor
Hi Guys, We have configured the Azure Sentinel by using Office365 connector and selected the O365 and Exchange Online logs to stream to it. But after configuring it what we can see is few dashboa...
ehloworldio
Jan 13, 2020 (Brass Contributor)
roopesh_shetty To the best of my knowledge, the Office 365 connector on Azure Sentinel only pulls in audit logs (update, create, add, and delete activities), not mail flow logs. You might be able to pull in message tracking logs some other way; however, I have not seen any Microsoft articles on it.
You can try looking through Azure AD Sign-in logs for connection endpoint information. For all the mail flow related metrics I think you would still need to use Security & Compliance Center.
Example: Connections to Exchange Online based on device type
// Azure AD sign-ins to Exchange Online, counted by the client device's operating system
SigninLogs
| where AppDisplayName == "Office 365 Exchange Online"
| extend operatingSystem = parse_json(tostring(DeviceDetail.['operatingSystem']))
| summarize count() by tostring(operatingSystem)
| render piechart
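Added example (not part of the reply above): a query to see which Exchange Online audit activity the Office 365 connector has actually ingested, grouped into the create/add/update/delete kinds the reply mentions. It assumes the connector writes to the OfficeActivity table in the workspace; the ActivityKind grouping and the 7-day window are choices made for this illustration.

```kql
// Added example: inventory of Exchange Online audit records in the workspace.
// Assumption: the Office 365 connector is populating the OfficeActivity table.
OfficeActivity
| where TimeGenerated > ago(7d)                      // illustrative look-back window
| where OfficeWorkload == "Exchange"
// Admin audit operations are cmdlet names such as "Set-Mailbox";
// take the verb in front of the hyphen to classify the activity.
| extend Verb = tostring(split(Operation, "-")[0])
| extend ActivityKind = case(
    Verb in ("New", "Create"), "create",
    Verb == "Add", "add",
    Verb in ("Set", "Update"), "update",
    Verb == "Remove" or Operation endswith "Delete", "delete",
    "other")                                         // e.g. mailbox access or send events
| summarize Events = count(),
            Users = dcount(UserId),
            LastSeen = max(TimeGenerated)
    by ActivityKind, Operation
| order by ActivityKind asc, Events desc
```

An empty result means no Exchange audit records have reached the workspace in that window, which is worth checking before building alerts on this table.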