Apr 05 2021 09:15 AM - edited Apr 05 2021 11:28 AM
Hi All,
While surfing Sentinel's FAQ (https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/), I saw this:
"Azure Activity Logs, Office 365 Audit Logs (all SharePoint activity and Exchange admin activity) and alerts from Microsoft Defender products (Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint), Azure Security Center, Microsoft Cloud App Security, and Azure Information Protection can be ingested at no additional cost into both Azure Sentinel, and Azure Monitor Log Analytics."
I'm marking in bold the O365 portion because I was looking at that particular connector and what I see in the connector's description is:
"The Office 365 activity log connector provides insight into ongoing user activities. You will get details of operations such as file downloads, access requests sent, changes to group events, set-mailbox and details of the user who performed the actions. By connecting Office 365 logs into Azure Sentinel you can use this data to view dashboards, create custom alerts, and improve your investigation process."
A few questions here:
Thanks!
G