6. With the increase in usage, it is essential to keep track of user activities
Potential security risk with admin activities
Audit logs in the compliance center
Monitoring Microsoft 365 environments
13. Connect Office 365 logs to Azure Sentinel
[Diagram labels: O365 Audit Logs; User / Admin Activities; O365 Data Connector; Azure Sentinel; Log Analytics Workspace; Office 365]
14. Read and write permissions on your Azure Sentinel workspace.
Global administrator or security administrator rights on Office 365 tenant.
Office 365 deployment must be on the same tenant as your Azure Sentinel workspace.
Prerequisites
17. Monitor data using the Azure Sentinel integration with Azure Monitor Workbooks
Create custom workbooks across your data
Combine data from various data sources and data types
Visualize related data in a single interactive report
Workbooks
20. Detect, investigate, and remediate cyber security threats
Analyzes data from various sources to identify correlations and anomalies
Trigger alerts based on attack techniques
Get insights into attacks
Create rules from rule templates
Analytics
23. Create an automation rule
Create a playbook
Add actions to a playbook
Attach a playbook to an automation rule or an analytics rule to automate threat response
Automate your incident response