
Sentinel O365 Connector showing "No data for the given query"

Microsoft

Hi team

 

I imported and configured the O365 connector for Sentinel yesterday to monitor my private O365 tenant (EXO). As of today, the dashboard still shows "No data for the given query" for all queries.

Should I configure anything special in EXO to make it work? I followed the instructions during the wizard and it seemed very simple :)

2 Replies

@MatjazGonza 

 

@Chris Boehm: Is this something you can speak to?

@MatjazGonza 

 

Howdy :)

 

Awesome job getting everything connected for the Office 365 Audit logging. The Office 365 connector is collecting your Office 365 activity logs for Exchange and SharePoint (if you've configured them both).

 


The Office 365 activity log connector provides insight into ongoing user activities. You will get details of operations such as file downloads, access requests sent, changes to group events, set-Mailbox and details of the user who performed the actions. By connecting Office 365 logs into Azure Sentinel you can use this data to view dashboards, create custom alerts, and improve your investigation process.

 

Docs on setting up Mailbox auditing are mentioned here: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing

Docs on SharePoint Online auditing are mentioned here: https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c...

 

Let me know if that helped! :)
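
Added example, not part of the reply above: a Log Analytics (KQL) check for whether the connector has delivered any Office 365 records to the workspace, broken down by workload, followed by a sample of the operations the reply mentions. It assumes the connector writes to the standard `OfficeActivity` table; the 7-day window and the two operation names used in the filter are choices made for this example.

```kql
// 1) Has anything arrived, and from which workload (Exchange / SharePoint)?
//    An empty result means no Office 365 records reached the workspace
//    in the last 7 days, which is why the dashboard tiles show no data.
OfficeActivity
| where TimeGenerated > ago(7d)
| summarize
    Events    = count(),
    Users     = dcount(UserId),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by OfficeWorkload
| extend HoursSinceLastEvent = datetime_diff('hour', now(), LastSeen)
| order by OfficeWorkload asc

// 2) Run separately: once records exist, look at who performed
//    mailbox changes and file downloads.
OfficeActivity
| where TimeGenerated > ago(7d)
| where Operation in ("Set-Mailbox", "FileDownloaded")
| project TimeGenerated, OfficeWorkload, Operation, UserId, ClientIP
| order by TimeGenerated desc
| take 50
```

If the first query returns a row for only one workload, the missing workload is the one whose auditing configuration to review using the two documentation links above.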