Forum Discussion

Brass Contributor

Jan 09, 2020

Solved

Office365 S&C Alerts available in Sentinel?

Hey all, we're trying to use our Sentinel to centralize alerts from all different E5 security solutions (wdatp, mcas, o365atp ..) Are O365 Alerts available in sentinel? Or are only the base O...

ehloworldio
Jan 09, 2020
mclaes

If i'm not mistaken Office Security & Compliance Center Alerts Connector is currently in private preview.

Alternatively, you could ingest these alerts via Graph Security API https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-office-365-alerts-with-graph-security-api/ba-p/984888

PJR_CDF

Iron Contributor

Jul 14, 2020

chrisbuesold

has this changed?

The default "A potentially malicious URL click was detected" alert policy in my demo tenant has these alerts as high severity and as it's a default policy the severity cannot be altered so it appears to be high by default now.

The following defaults are all still informational though:

Email messages containing malware removed after delivery
mail messages containing phish URLs removed after delivery
Email reported by user as malware or phish

Would be nice if the severity of these could be altered.

Paul

nrupaks

Copper Contributor

Nov 16, 2020

PJR_CDF , Ofer_Shezaf - Is it this one? - "Office 365 Advanced Threat Protection (Preview)"

Ofer_Shezaf
Microsoft
Nov 16, 2020
nrupaks : yes