Bringing data in from other tenants (e.g. O365)


I'm experimenting with connecting data sources into my Sentinel environment. I'm trying to connect natively an O365 (E3) source that I have provisioned through Partner Network licensing. It's under a different tenant and isn't visible under the Sentinel O365 connector config page. I believe that the connector has changed since last year with regard to multi-tenant native connections*. I also have a similar issue with an MS Defender ATP trial as a source.

What other solutions have people used for that scenario (multi-tenant Sentinel inputs for MS products)? Webjobs, EventHubs, LogicApps etc or is there a simple option I've missed?

I'm having some good success with other sources and have plans for other, non-native, connectors... (e.g. syslog from my non-Windows OSs and Cisco kit etc).

Thanks.


* 'Azure Sentinel now enables Office 365 single-tenant connection'

4 Replies

@Roblo1 Unless you absolutely need to have all the data in one place, I would suggest having another Azure Sentinel instance in the other tenant and using Lighthouse to manage both your Azure Sentinel instances.
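With the two-workspace layout suggested above, the data never has to be copied: once the second tenant's workspace is delegated through Azure Lighthouse (and your account holds at least Log Analytics Reader on it), a single KQL query in the home workspace can read both. The query below is an added illustration, not from the thread or from Microsoft's documentation; "o365-tenant-workspace" is a placeholder for the other tenant's Log Analytics workspace name (the `workspace()` function also accepts the workspace ID or full Azure resource ID, which is the safer choice when names are not unique across delegations).

```kql
// Added example (not from the thread): query Office 365 audit data across the
// home Sentinel workspace and a Lighthouse-delegated workspace in another tenant.
// "o365-tenant-workspace" is a placeholder for the delegated workspace name.
union
    OfficeActivity,
    workspace("o365-tenant-workspace").OfficeActivity
| where TimeGenerated > ago(1d)
// TenantId in Log Analytics is the originating workspace ID, so it tells
// the two sources apart in the result set.
| summarize Events = count() by TenantId, OfficeWorkload, Operation
| order by Events desc
```

The same `workspace("...")` prefix works inside analytics rules and workbooks, so detections built in the home workspace can cover the delegated tenant without moving its logs; the trade-off is that retention, cost and access control stay with the workspace that owns the data.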

Thanks @Gary Bushey. I've been thinking about that as an option too, although wanted to see if it's possible to bring it to my current environment - ideally with a native connector, rather than doing something else to pull it from an API and get it into Sentinel/LA. I'll do some further research on the method you've mentioned combining two instances.

Update for completeness:

https://techcommunity.microsoft.com/t5/microsoft-security-and/security-community-webinars/ba-p/92788... 

added a presentation on this on the 23rd June, which was useful.