Unexpected SharePoint Access Alerts in Microsoft Defender after Teams Premium Webinar Publication

Dear experts,

We recently published a video recording of a Teams Premium Webinar via the platform https://events.teams.microsoft.com.

Shortly after publication, Microsoft Defender issued alerts indicating that there were access attempts to our SharePoint environment – apparently triggered by external participants or recipients of the webinar recording.

The video was published exclusively via the event page mentioned above, and we did not knowingly use SharePoint or OneDrive as a source.
Therefore, we kindly ask for your support in clarifying the following questions:

Is there any background linkage between the Microsoft Events platform and SharePoint or OneDrive that could explain such access patterns?

How is it possible that these SharePoint access alerts occurred, despite the video being embedded or streamed solely through the Events platform?

Are there any known scenarios where the Events platform indirectly triggers access to SharePoint resources?

Can you assist us in narrowing down the root cause of the Defender alert (e.g. by providing access to logs or relevant configuration insights)?

We appreciate your support and look forward to your response.

Kind regards,
Tatjana