Feb 11 2021 11:05 AM
Background: I've got these connectors to Sentinel working...
Microsoft 365 Defender (Preview)
Office 365
and I wan to alert on changes made to MCAS policies, which I would think would appear in the former. But I'm not seeing them. For example, I had an alert on the Remote Code Execution Attempt policy. It was legitimate activity, so I edited the policy to make an exception. I want to see an audit trail of that exception but I'm not finding it in Sentinel. Any ideas?
Feb 14 2021 04:09 AM