![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 57.00000000000001%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,217 questions
I would think that incidents only would be an option. Can you recount how the ArcSight integration was setup initially? You can stream these alerts and incidents to Sentinel at no additional cost. Once option would be to link M365D to a Sentinel instance (just for this purpose). This could reveal additional options for ArcSight integration with more filtering options. For example, use the workspace data export to send the incidents table to an event hub.