Forum Discussion
RE: Microsoft Defender for Office 365 data connector
Hello,
I have an issue enabling the Microsoft Defender for Office 365 settings in the Defender XDR connector for Microsoft Sentinel.
The error is attached.
It seems related to: Categories AdvancedHunting-EmailAttachmentInfo, AdvancedHunting-EmailEvents, AdvancedHunting-EmailUrlInfo, AdvancedHunting-EmailPostDeliveryEvents are not supported...
I am not sure what it relates to, but could it be licensing concerns?
Jason
4 Replies
Hi JMSHW0420
In order to obtain many of the logs in the XDR connector other than raw alerts you will need a license that givs you the Plan 2 version of said product, in your case that error means you may not have "defender for office 365 plan 2" or a license where that is included :)
This is a matrix of all the feature in defender and what license is needed for each - https://m365maps.com/matrix.htm
Hi JMSHW0420 ,
unfortunately I don’t see the attached error, maybe because I’m on mobile 🤷♂️ but it can absolutely be related to licensing. My guess is that currently aren’t licensed for it, are you able to access those tables in Advanced Hunting or can you access the Email & Collaboration blade in the Defender portal.
(Licensing DfO365: https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description )
If those tables aren’t there then it’s not going to be able to connect that particular adapter of the connector.
Now if you are licensed then you may need to reinstall that connector. Had a few connectors that gave me trouble like that and in the end a reinstall did the trick.
Best regards,
Dylan
Hi Dylan,
Sorry, mate, it looks like I did not attach it. Here is the attachment...
The Microsoft Defender for Office 365 settings are not available for selection.
If the connector needs a reinstall, we are talking about the Defender XDR.
I keep you updated...Jason
