Apr 16 2019 11:44 PM
Hi team
I imported and configured O365 connector for <sentinel yesterday to monitor my private O365 tenant (EXO). As of today Dashboard still show "No data for the given query" for all queries.
Should I configure anything special in EXO to make it work ? I followed instruction during wizard and it seemed very simple 🙂
Apr 24 2019 08:58 AM
Apr 24 2019 11:31 AM
Howdy 🙂
Awesome job getting everything connected for the Office 365 Audit logging, the Office 365 connector is collecting your Office 365 activity logs for Exchange and SharePoint ( If you've configured them both )
Example:
The Office 365 activity log connector provides insight into ongoing user activities. You will get details of operations such as file downloads, access requests sent, changes to group events, set-Mailbox and details of the user who performed the actions. By connecting Office 365 logs into Azure Sentinel you can use this data to view dashboards, create custom alerts, and improve your investigation process.
Docs on setting up Mailbox auditing is mentioned here: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
Docs on SharePoint Online auditing is mentioned here: https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c...
Let me know if that helped! 🙂