SOLVED

Microsoft Dynamics in Azure Sentinel

Occasional Contributor

Hi team, we are looking at integrating Microsoft Dynamics into Azure Sentinel.

 

Has anyone seen a good integration methodology for this?

 

We are about to play with it in a Sandbox, but would like to hear success / failure stories.

 

Thanks!

 

 

9 Replies

@fedecharosky Interested to hear what data you would like to see. Anything more than this?

 

https://docs.microsoft.com/en-us/power-platform/admin/enable-use-comprehensive-auditing

@rodtrent we plan to do a threat model exercise to understand the threat scenarios in detail and then I'll have a more qualified answer for you.

 

In terms of the integration of the events and telemetry into Sentinel and Log Analytics - would we get that straight into OfficeActivity (assuming E5 license)?

 

 

Hi @fedecharosky, a few months on, did you manage to get a solution and some use cases for this? I'm in a similar position now to where you were a few months ago and am thinking of use cases where we could ingest data from D365 into Sentinel to improve security.

It would be great to get some information on that too.
I was looking at possibly using the Office 365 Audit Logs / API but would be great to know if anybody has already implemented it and possible use cases.

@Rich King nothing specific - we kept it very "OfficeActivity" related for the most part. I'll check with the teams to see if they moved this any further.

Best Response confirmed by fedecharosky (Occasional Contributor)
Solution

@Rich King, @fedecharosky, @caiodaruizcorrea: private preview for a Dynamics connector will start next month. You can join our Private Previews program to get updates.

Thanks @Ofer_Shezaf. Will certainly do!
Thanks @Ofer_Shezaf - perfect timing!

@Ofer_Shezaf thanks for confirming!