Forum Discussion
Sentinel O365 Connector showing "No data for the given query"
Hi team
I imported and configured O365 connector for <sentinel yesterday to monitor my private O365 tenant (EXO). As of today Dashboard still show "No data for the given query" for all queries.
Should I configure anything special in EXO to make it work ? I followed instruction during wizard and it seemed very simple :)
2 Replies
- Chris Boehm
Microsoft
Howdy :)
Awesome job getting everything connected for the Office 365 Audit logging, the Office 365 connector is collecting your Office 365 activity logs for Exchange and SharePoint ( If you've configured them both )
Example:
The Office 365 activity log connector provides insight into ongoing user activities. You will get details of operations such as file downloads, access requests sent, changes to group events, set-Mailbox and details of the user who performed the actions. By connecting Office 365 logs into Azure Sentinel you can use this data to view dashboards, create custom alerts, and improve your investigation process.
Docs on setting up Mailbox auditing is mentioned here: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
Docs on SharePoint Online auditing is mentioned here: https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2
Let me know if that helped! :)
- Valon_Kolica
Microsoft