Background: I've got these connectors to Sentinel working...
Microsoft 365 Defender (Preview)
and I wan to alert on changes made to MCAS policies, which I would think would appear in the former. But I'm not seeing them. For example, I had an alert on the Remote Code Execution Attempt policy. It was legitimate activity, so I edited the policy to make an exception. I want to see an audit trail of that exception but I'm not finding it in Sentinel. Any ideas?