Not able to ingest logs from Microsoft Exchange and Microsoft Defender XDR

Robin Jha 0 Reputation points
2024-08-21T19:39:24.9066667+00:00

Hey

I have deployed Microsoft Sentinel and am able to get some logs from the sign-in logs. But I want logs for my cloud apps, and for that I have installed the Microsoft Defender XDR connector. It is connected successfully, but when I checked I didn't get any logs for Exchange, Teams, SharePoint or OneDrive. Sentinel is also connected with Microsoft Defender. I have the Global Administrator permission and the proper subscription for that. Can anyone help me? Why aren't my data types connected when the connector is working fine?

Thanks


2 answers

  1. Givary-MSFT 32,311 Reputation points Microsoft Employee
    2024-08-27T05:29:32.5133333+00:00

    @Robin Jha Thank you for reaching out to us. As far as I am aware, you need to have the Microsoft 365 (formerly, Office 365) activity log connector, which will help to get info from SharePoint/Exchange/Teams - https://video2.skills-academy.com/en-us/azure/sentinel/data-connectors/microsoft-365

    Let me know if this info helps to achieve the above ask. Also, refer to this https://video2.skills-academy.com/en-us/azure/sentinel/connect-data-sources?tabs=azure-portal which has a list of connectors available with Sentinel which you can use to ingest data to Sentinel as per your requirements.

    Let me know if you have any further questions, feel free to post back.


  2. Andrew Blumhardt 9,856 Reputation points Microsoft Employee
    2024-08-27T12:21:15.7266667+00:00

    I think you are missing the "Microsoft 365 (formerly, Office 365)" connector. I believe these are also free to ingest.

    This adds the following tables:

    - OfficeActivity (SharePoint)
    - OfficeActivity (Exchange)
    - OfficeActivity (Teams)

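A check for whether the OfficeActivity table named in the answers is receiving data per workload, as an added example that is not part of the original question or either answer. It assumes the Microsoft 365 connector has been enabled in the workspace and that the workload names in the table's `OfficeWorkload` column match the strings listed in the query.

```kusto
// Added example: per-workload ingestion check for the OfficeActivity table.
// The expected workload names below are assumptions; adjust them if your
// workspace reports different values in OfficeWorkload.
let expected = datatable(OfficeWorkload: string)
    ["Exchange", "SharePoint", "OneDrive", "MicrosoftTeams"];
expected
| join kind=leftouter (
    OfficeActivity
    | where TimeGenerated > ago(24h)
    | summarize Events = count(), LastEvent = max(TimeGenerated) by OfficeWorkload
) on OfficeWorkload
// A workload with no rows in the last 24 hours shows Events = 0 and an empty LastEvent.
| project OfficeWorkload, Events = coalesce(Events, 0), LastEvent
| order by Events asc
```

If the query fails because `OfficeActivity` cannot be resolved, the table has not been created in the workspace yet, which is what you would see when the connector has never delivered data.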
