Organizations want to analyze their growth, personnel, operations, and work environment to make sure they are heading in the right direction. Microsoft Sentinel helps you detect, alert on, investigate, and resolve security events and perform in-depth analysis. It can gather data from a variety of sources and analyze it for security concerns and occurrences. In this article, we discuss how to use Office 365 audit data with Microsoft Sentinel.
Steps to use Office 365 Audit Data with Microsoft Sentinel
Create a Workbook in Microsoft Sentinel for Office 365 Audit Data
- Go to the Microsoft Sentinel page in the Azure admin center.
- Create a new Log Analytics workspace and add Sentinel to it.
- Add the name of the workspace and the region it is managed in.
- After the new workspace’s validation test is successful, click Review and Create, and then click Create to finish creating the new workspace. (Wait for the new workspace’s deployment to complete.)
- Select the workspace and click Add to add Microsoft Sentinel to the workspace.
- Once the new workspace is accessible, select Workbooks from the Threat management section.
- Search for the “Office 365” workbook.
- Configure the workbook. (Microsoft Sentinel verifies that the account transferring Office 365 data to the workbook has the tenant administrator or security administrator role assigned.)
- Select which of the three data types listed in the worksheet should be imported by Microsoft Sentinel via the Office 365 connector (Exchange, SharePoint, and Teams).
- Select all three and click Apply Changes.
(After the above step, it takes some time to import data using the Office 365 connector. This process occurs in the background.)
Once the workbook is created, we can proceed to the Data visualization steps.
Data visualization in Microsoft Sentinel
- Go to Workbooks under Threat Management.
- Choose Office 365 from My Workbooks.
- Open the saved workbook.
Sentinel displays the data it imports from the Office 365 audit log. You can select different time periods, from the last five minutes to ninety days. Other filters include the workloads and user types.
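A query-side check for the import and filters described above, added here as an example and not taken from the original article. It assumes the Office 365 connector writes to the OfficeActivity table in the workspace; the 7-day lookback and 1-day staleness threshold are illustrative choices. Run it from Logs in the same workspace.

```kusto
// Added example: confirm that each of the three selected data types is
// arriving, using the same dimensions the workbook filters on
// (time range, workload, user type).
// Assumption: connector data lands in the OfficeActivity table.
let lookback = 7d;        // illustrative; the workbook offers 5 minutes to 90 days
let staleAfter = 1d;      // illustrative threshold for "no recent records"
// Workload names as they appear in the OfficeWorkload column.
let expected = datatable(OfficeWorkload: string)
    ["Exchange", "SharePoint", "MicrosoftTeams"];
let seen =
    OfficeActivity
    | where TimeGenerated > ago(lookback)
    | summarize
        Events      = count(),
        Users       = dcount(UserId),
        // Events performed by administrator accounts (user type filter).
        AdminEvents = countif(UserType in ("Admin", "DcAdmin")),
        LastRecord  = max(TimeGenerated)
        by OfficeWorkload;
// Left outer join so a workload with no rows still shows up in the result.
expected
| join kind=leftouter seen on OfficeWorkload
| extend Events = coalesce(Events, 0)
| extend Status = case(
    Events == 0,                    "no data yet",
    LastRecord < ago(staleAfter),   "stale",
                                    "ingesting")
| project OfficeWorkload, Status, Events, Users, AdminEvents, LastRecord
| order by OfficeWorkload asc
```

A workload that stays at "no data yet" well after the connector was configured points to a data type that was not selected or a connector account without the required role.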
Apps4Rent Can Help with Importing Office 365 Data to Microsoft Sentinel
Microsoft Sentinel provides extensive reporting capabilities that help with analyzing all the connected audit data. But importing data from Office 365 is a difficult and time-consuming process and can lead to loss of data if the operation is interrupted. As a Microsoft Gold Partner in several competencies, Apps4Rent can help with Microsoft 365 licensing, configuration, and migrating data from Office 365 hassle-free. Call, chat, or email our senior Microsoft 365 consultants, available 24/7 for assistance.