SlideShare a Scribd company logo

Protect Office 365 with Azure Sentinel

Download as PPTX, PDF
Nanddeep Nachan
Nanddeep Nachan

This document discusses protecting Office 365 environments with Azure Sentinel. It begins with an agenda and introductions of the presenters. It then covers challenges with monitoring Microsoft 365 environments, how to connect Office 365 logs to Azure Sentinel for monitoring and threat detection. Analytics and workbooks in Azure Sentinel are demonstrated for analyzing the Office 365 data. Playbooks and automation rules in Azure Sentinel are shown for responding to threats. References are provided and there is a Q&A section.

Technology
1 of 27
11 May, 2021 Protect Office 365 with Azure Sentinel Nanddeep Nachan @NanddeepNachan Smita Nachan @SmitaNachan
AGENDA  Challenges with Microsoft 365 environment monitoring  Monitor Office 365 Logs from Azure Sentinel  Threat detection with Azure Sentinel analytics  Respond to Threats  Q&A
Office 365 Consultant Speaker | Author | Blogger Nanddeep Nachan  Pune, India  Twitter Handle: @NanddeepNachan  LinkedIn: /in/NanddeepNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365, MS Azure
 Pune, India  Twitter Handle: @SmitaNachan  LinkedIn: /in/SmitaNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365 Lead Software Engineer @TietoEVRY Speaker | Author Smita Nachan
Challenges with Microsoft 365 environment monitoring
 With the increase in usage, it is essential to keep track of user activities  Potential security risk with admin activities  Audit logs in the compliance center Monitoring Microsoft 365 environments
Demo Audit log in the compliance center
License Retention period Office 365 E5 or Microsoft 365 E5 1 Year (non-E5) Office 365 or Microsoft 365 90 Days O365 Audit logs retention
 Auditing & Historical purpose  Compliance  Legal Why we need O365 logs?
Azure Sentinel Cloud-native SIEM platform
 Security Information and Event Manager (SIEM)  Security Orchestration Automated Response (SOAR) Azure Sentinel Overview Image reference: https://docs.microsoft.com/azure/sentinel/overview
Demo Set up Azure Sentinel
Connect Office 365 logs to Azure Sentinel O365 Audit Logs User / Admin Activities O365 Data Connector Azure Sentinel Log Analytics Workspace Office 365
 Read and write permissions on your Azure Sentinel workspace.  Global administrator or security administrator rights on Office 365 tenant.  Office 365 deployment must be on the same tenant as your Azure Sentinel workspace. Prerequisites
Demo Connect Office 365 logs to Azure Sentinel
Workbooks Monitor the data
 Monitor data using the Azure Sentinel integration with Azure Monitor Workbooks  Create custom workbooks across your data  Combine data from various data sources and data types  Visualize related data in a single interactive report Workbooks
Demo Azure Sentinel Workbooks
Analytics Monitor the data
 Detect, investigate, and remediate cyber security threats  Analyzes data from various sources to identify correlations and anomalies  Trigger alerts based on the attack techniques  Get insights of attack  Create rule from Rule templates Analytics
Demo Create Analytics Rule
Respond to Threats Use playbooks with automation rules in Azure Sentinel
 Create an automation rule  Create a playbook  Add actions to a playbook  Attach a playbook to an automation rule or an analytics rule to automate threat response Automate your incident response
Demo Use playbooks with automation rules
 Azure Sentinel  https://docs.microsoft.com/en-us/azure/sentinel/overview  Monitor Office 365 Logs from Azure Sentinel  https://nanddeepnachanblogs.com/posts/2021-03-14-monitor-o365-logs-azure-sentinel/  Threat detection with Azure Sentinel analytics  https://nanddeepnachanblogs.com/posts/2021-04-15-threat-detection-with-azure-sentinel-analytics/  Log analytics samples (KQL queries) by Brian T. Jackett  https://github.com/BrianTJackett/log-analytics-samples References
Q&A
Thank You! @NanddeepNachan /in/NanddeepNachan Nanddeep Nachan @SmitaNachan /in/SmitaNachan Smita Nachan

Recommended

Getting Started with Azure Sentinel
Getting Started with Azure SentinelGetting Started with Azure Sentinel
Getting Started with Azure Sentinel
Samik Roy
 
Threat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure SentinelThreat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure Sentinel
Ashwin Patil, GCIH, GCIA, GCFE
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
Marius Sandbu
 
Azure sentinal
Azure sentinalAzure sentinal
Azure sentinal
Allied Consultants
 
Journey to Azure Sentinel
Journey to Azure SentinelJourney to Azure Sentinel
Journey to Azure Sentinel
Cheah Eng Soon
 
Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365
Cheah Eng Soon
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure Sentinel
Cheah Eng Soon
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel
Mighty Guides, Inc.
 

Recommended

Getting Started with Azure Sentinel
Getting Started with Azure SentinelGetting Started with Azure Sentinel
Getting Started with Azure Sentinel
Samik Roy
 
Threat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure SentinelThreat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure Sentinel
Ashwin Patil, GCIH, GCIA, GCFE
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
Marius Sandbu
 
Azure sentinal
Azure sentinalAzure sentinal
Azure sentinal
Allied Consultants
 
Journey to Azure Sentinel
Journey to Azure SentinelJourney to Azure Sentinel
Journey to Azure Sentinel
Cheah Eng Soon
 
Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365
Cheah Eng Soon
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure Sentinel
Cheah Eng Soon
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel
Mighty Guides, Inc.
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
arnaudlh
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
Samik Roy
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
Microsoft Azure News - April 2021
Microsoft Azure News - April 2021Microsoft Azure News - April 2021
Microsoft Azure News - April 2021
Daniel Toomey
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
azuredayit
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
Mario Worwell
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
Kangaroot
 
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 Compliance
Matt Soseman
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
Matt Soseman
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elasticsearch
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elasticsearch
 
20171207 we are moving to the cloud what about security
20171207 we are moving to the cloud what about security20171207 we are moving to the cloud what about security
20171207 we are moving to the cloud what about security
Arjan Cornelissen
 
Using m365 defender to protect against solorigate
Using m365 defender to protect against solorigateUsing m365 defender to protect against solorigate
Using m365 defender to protect against solorigate
Matt Soseman
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
Mohit Chhabra
 
Rencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore Webinar: Advanced Security Management within Office 365 with Liam ClearyRencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore
 

More Related Content

What's hot

Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
arnaudlh
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
Samik Roy
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
Microsoft Azure News - April 2021
Microsoft Azure News - April 2021Microsoft Azure News - April 2021
Microsoft Azure News - April 2021
Daniel Toomey
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
azuredayit
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
Mario Worwell
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
Kangaroot
 
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 Compliance
Matt Soseman
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
Matt Soseman
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elasticsearch
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elasticsearch
 
20171207 we are moving to the cloud what about security
20171207 we are moving to the cloud what about security20171207 we are moving to the cloud what about security
20171207 we are moving to the cloud what about security
Arjan Cornelissen
 
Using m365 defender to protect against solorigate
Using m365 defender to protect against solorigateUsing m365 defender to protect against solorigate
Using m365 defender to protect against solorigate
Matt Soseman
 

What's hot (20)

Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
 
Microsoft Azure News - April 2021
Microsoft Azure News - April 2021Microsoft Azure News - April 2021
Microsoft Azure News - April 2021
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
 
Document fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 ComplianceDocument fingerprinting in Microsoft 365 Compliance
Document fingerprinting in Microsoft 365 Compliance
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic Stack
 
20171207 we are moving to the cloud what about security
20171207 we are moving to the cloud what about security20171207 we are moving to the cloud what about security
20171207 we are moving to the cloud what about security
 
Using m365 defender to protect against solorigate
Using m365 defender to protect against solorigateUsing m365 defender to protect against solorigate
Using m365 defender to protect against solorigate
 

Similar to Protect Office 365 with Azure Sentinel

Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
Mohit Chhabra
 
Rencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore Webinar: Advanced Security Management within Office 365 with Liam ClearyRencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore
 
Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018
Microsoft 365 Developer
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
carlitocabana
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Research
 
Office 365 Directory Synchronization
Office 365 Directory SynchronizationOffice 365 Directory Synchronization
Office 365 Directory Synchronization
Momentum Digital Solutions Inc.
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
JustineGarcia32
 
Debugging and Interacting with Production Applications - MS Online Tech Forum
Debugging and Interacting with Production Applications - MS Online Tech ForumDebugging and Interacting with Production Applications - MS Online Tech Forum
Debugging and Interacting with Production Applications - MS Online Tech Forum
Davide Benvegnù
 
Tspug 2015 dirsync_amit_v_momentum
Tspug 2015 dirsync_amit_v_momentumTspug 2015 dirsync_amit_v_momentum
Tspug 2015 dirsync_amit_v_momentum
amitvasu
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore
 
Debugging and interacting with production applications
Debugging and interacting with production applicationsDebugging and interacting with production applications
Debugging and interacting with production applications
Michel HUBERT
 
Stay Productive, Collaborative, and Secure with Microsoft 365
Stay Productive, Collaborative, and Secure with Microsoft 365Stay Productive, Collaborative, and Secure with Microsoft 365
Stay Productive, Collaborative, and Secure with Microsoft 365
Chris Bortlik
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...
Todd Whitehead
 
SharePoint Saturday Madrid 2017 - Serverless para Office 365
SharePoint Saturday Madrid 2017 - Serverless para Office 365SharePoint Saturday Madrid 2017 - Serverless para Office 365
SharePoint Saturday Madrid 2017 - Serverless para Office 365
Alberto Diaz Martin
 
Windays14 - How to (remote) control Office 365 with Azure
Windays14 - How to (remote) control Office 365 with AzureWindays14 - How to (remote) control Office 365 with Azure
Windays14 - How to (remote) control Office 365 with Azure
atwork
 
M365 updates for GDPR
M365 updates for GDPRM365 updates for GDPR
M365 updates for GDPR
🔐 Sebastian Pawłowski
 
January 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarJanuary 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know Webinar
Robert Crane
 
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
Nanddeep Nachan
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinel
Adam Ochs
 

Similar to Protect Office 365 with Azure Sentinel (20)

Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 
Rencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore Webinar: Advanced Security Management within Office 365 with Liam ClearyRencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
Rencore Webinar: Advanced Security Management within Office 365 with Liam Cleary
 
Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
 
Office 365 Directory Synchronization
Office 365 Directory SynchronizationOffice 365 Directory Synchronization
Office 365 Directory Synchronization
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
 
Debugging and Interacting with Production Applications - MS Online Tech Forum
Debugging and Interacting with Production Applications - MS Online Tech ForumDebugging and Interacting with Production Applications - MS Online Tech Forum
Debugging and Interacting with Production Applications - MS Online Tech Forum
 
Tspug 2015 dirsync_amit_v_momentum
Tspug 2015 dirsync_amit_v_momentumTspug 2015 dirsync_amit_v_momentum
Tspug 2015 dirsync_amit_v_momentum
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
 
Debugging and interacting with production applications
Debugging and interacting with production applicationsDebugging and interacting with production applications
Debugging and interacting with production applications
 
Stay Productive, Collaborative, and Secure with Microsoft 365
Stay Productive, Collaborative, and Secure with Microsoft 365Stay Productive, Collaborative, and Secure with Microsoft 365
Stay Productive, Collaborative, and Secure with Microsoft 365
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...
 
SharePoint Saturday Madrid 2017 - Serverless para Office 365
SharePoint Saturday Madrid 2017 - Serverless para Office 365SharePoint Saturday Madrid 2017 - Serverless para Office 365
SharePoint Saturday Madrid 2017 - Serverless para Office 365
 
Windays14 - How to (remote) control Office 365 with Azure
Windays14 - How to (remote) control Office 365 with AzureWindays14 - How to (remote) control Office 365 with Azure
Windays14 - How to (remote) control Office 365 with Azure
 
M365 updates for GDPR
M365 updates for GDPRM365 updates for GDPR
M365 updates for GDPR
 
January 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarJanuary 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know Webinar
 
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinel
 

More from Nanddeep Nachan

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
 
Prompt to Pixel: DALL-E Magic
Prompt to Pixel: DALL-E MagicPrompt to Pixel: DALL-E Magic
Prompt to Pixel: DALL-E Magic
Nanddeep Nachan
 
Knowledge Quest Teams Bot.pptx
Knowledge Quest Teams Bot.pptxKnowledge Quest Teams Bot.pptx
Knowledge Quest Teams Bot.pptx
Nanddeep Nachan
 
Building Bots with Teams Toolkit
Building Bots with Teams ToolkitBuilding Bots with Teams Toolkit
Building Bots with Teams Toolkit
Nanddeep Nachan
 
Power Apps for Azure Cloud Professionals
Power Apps for Azure Cloud ProfessionalsPower Apps for Azure Cloud Professionals
Power Apps for Azure Cloud Professionals
Nanddeep Nachan
 
aMS Pune - Building apps for Teams meetings
aMS Pune - Building apps for Teams meetingsaMS Pune - Building apps for Teams meetings
aMS Pune - Building apps for Teams meetings
Nanddeep Nachan
 
Universal Actions for Adaptive Cards on Microsoft Teams
Universal Actions for Adaptive Cards on Microsoft TeamsUniversal Actions for Adaptive Cards on Microsoft Teams
Universal Actions for Adaptive Cards on Microsoft Teams
Nanddeep Nachan
 
Building Bots with Azure and consume anywhere.pptx
Building Bots with Azure and consume anywhere.pptxBuilding Bots with Azure and consume anywhere.pptx
Building Bots with Azure and consume anywhere.pptx
Nanddeep Nachan
 
Power Platform Custom Connector Deep Dive.pptx
Power Platform Custom Connector Deep Dive.pptxPower Platform Custom Connector Deep Dive.pptx
Power Platform Custom Connector Deep Dive.pptx
Nanddeep Nachan
 
Sessionize Custom Connector
Sessionize Custom ConnectorSessionize Custom Connector
Sessionize Custom Connector
Nanddeep Nachan
 
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 GroupsSharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
Nanddeep Nachan
 
Bring your SharePoint apps to MS Teams
Bring your SharePoint apps to MS TeamsBring your SharePoint apps to MS Teams
Bring your SharePoint apps to MS Teams
Nanddeep Nachan
 
Microsoft Viva Connections - Set up and Extend with SPFx
Microsoft Viva Connections - Set up and Extend with SPFxMicrosoft Viva Connections - Set up and Extend with SPFx
Microsoft Viva Connections - Set up and Extend with SPFx
Nanddeep Nachan
 
Information Barriers in MS Teams
Information Barriers in MS TeamsInformation Barriers in MS Teams
Information Barriers in MS Teams
Nanddeep Nachan
 
PL-100 Microsoft Power Platform App Maker
PL-100 Microsoft Power Platform App MakerPL-100 Microsoft Power Platform App Maker
PL-100 Microsoft Power Platform App Maker
Nanddeep Nachan
 
Explore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of ExcellenceExplore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of Excellence
Nanddeep Nachan
 
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFxSharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
Nanddeep Nachan
 
SharePoint PnP Demo - react-manage-o365-groups
SharePoint PnP Demo - react-manage-o365-groupsSharePoint PnP Demo - react-manage-o365-groups
SharePoint PnP Demo - react-manage-o365-groups
Nanddeep Nachan
 
Virtual Hub - Host SharePoint Framework web part as MS Teams messaging extension
Virtual Hub - Host SharePoint Framework web part as MS Teams messaging extensionVirtual Hub - Host SharePoint Framework web part as MS Teams messaging extension
Virtual Hub - Host SharePoint Framework web part as MS Teams messaging extension
Nanddeep Nachan
 
PL-900 Microsoft Power Platform Fundamentals
PL-900 Microsoft Power Platform FundamentalsPL-900 Microsoft Power Platform Fundamentals
PL-900 Microsoft Power Platform Fundamentals
Nanddeep Nachan
 

More from Nanddeep Nachan (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Prompt to Pixel: DALL-E Magic
Prompt to Pixel: DALL-E MagicPrompt to Pixel: DALL-E Magic
Prompt to Pixel: DALL-E Magic
 
Knowledge Quest Teams Bot.pptx
Knowledge Quest Teams Bot.pptxKnowledge Quest Teams Bot.pptx
Knowledge Quest Teams Bot.pptx
 
Building Bots with Teams Toolkit
Building Bots with Teams ToolkitBuilding Bots with Teams Toolkit
Building Bots with Teams Toolkit
 
Power Apps for Azure Cloud Professionals
Power Apps for Azure Cloud ProfessionalsPower Apps for Azure Cloud Professionals
Power Apps for Azure Cloud Professionals
 
aMS Pune - Building apps for Teams meetings
aMS Pune - Building apps for Teams meetingsaMS Pune - Building apps for Teams meetings
aMS Pune - Building apps for Teams meetings
 
Universal Actions for Adaptive Cards on Microsoft Teams
Universal Actions for Adaptive Cards on Microsoft TeamsUniversal Actions for Adaptive Cards on Microsoft Teams
Universal Actions for Adaptive Cards on Microsoft Teams
 
Building Bots with Azure and consume anywhere.pptx
Building Bots with Azure and consume anywhere.pptxBuilding Bots with Azure and consume anywhere.pptx
Building Bots with Azure and consume anywhere.pptx
 
Power Platform Custom Connector Deep Dive.pptx
Power Platform Custom Connector Deep Dive.pptxPower Platform Custom Connector Deep Dive.pptx
Power Platform Custom Connector Deep Dive.pptx
 
Sessionize Custom Connector
Sessionize Custom ConnectorSessionize Custom Connector
Sessionize Custom Connector
 
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 GroupsSharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
 
Bring your SharePoint apps to MS Teams
Bring your SharePoint apps to MS TeamsBring your SharePoint apps to MS Teams
Bring your SharePoint apps to MS Teams
 
Microsoft Viva Connections - Set up and Extend with SPFx
Microsoft Viva Connections - Set up and Extend with SPFxMicrosoft Viva Connections - Set up and Extend with SPFx
Microsoft Viva Connections - Set up and Extend with SPFx
 
Information Barriers in MS Teams
Information Barriers in MS TeamsInformation Barriers in MS Teams
Information Barriers in MS Teams
 
PL-100 Microsoft Power Platform App Maker
PL-100 Microsoft Power Platform App MakerPL-100 Microsoft Power Platform App Maker
PL-100 Microsoft Power Platform App Maker
 
Explore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of ExcellenceExplore Microsoft Power Platform Center of Excellence
Explore Microsoft Power Platform Center of Excellence
 
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFxSharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
 
SharePoint PnP Demo - react-manage-o365-groups
SharePoint PnP Demo - react-manage-o365-groupsSharePoint PnP Demo - react-manage-o365-groups
SharePoint PnP Demo - react-manage-o365-groups
 
Virtual Hub - Host SharePoint Framework web part as MS Teams messaging extension
Virtual Hub - Host SharePoint Framework web part as MS Teams messaging extensionVirtual Hub - Host SharePoint Framework web part as MS Teams messaging extension
Virtual Hub - Host SharePoint Framework web part as MS Teams messaging extension
 
PL-900 Microsoft Power Platform Fundamentals
PL-900 Microsoft Power Platform FundamentalsPL-900 Microsoft Power Platform Fundamentals
PL-900 Microsoft Power Platform Fundamentals
 

Recently uploaded

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 

Recently uploaded (20)

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 

Protect Office 365 with Azure Sentinel

  • 1. 11 May, 2021 Protect Office 365 with Azure Sentinel Nanddeep Nachan @NanddeepNachan Smita Nachan @SmitaNachan
  • 2. AGENDA  Challenges with Microsoft 365 environment monitoring  Monitor Office 365 Logs from Azure Sentinel  Threat detection with Azure Sentinel analytics  Respond to Threats  Q&A
  • 3. Office 365 Consultant Speaker | Author | Blogger Nanddeep Nachan  Pune, India  Twitter Handle: @NanddeepNachan  LinkedIn: /in/NanddeepNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365, MS Azure
  • 4.  Pune, India  Twitter Handle: @SmitaNachan  LinkedIn: /in/SmitaNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365 Lead Software Engineer @TietoEVRY Speaker | Author Smita Nachan
  • 5. Challenges with Microsoft 365 environment monitoring
  • 6.  With the increase in usage, it is essential to keep track of user activities  Potential security risk with admin activities  Audit logs in the compliance center Monitoring Microsoft 365 environments
  • 7. Demo Audit log in the compliance center
  • 8. License Retention period Office 365 E5 or Microsoft 365 E5 1 Year (non-E5) Office 365 or Microsoft 365 90 Days O365 Audit logs retention
  • 9.  Auditing & Historical purpose  Compliance  Legal Why we need O365 logs?
  • 11.  Security Information and Event Manager (SIEM)  Security Orchestration Automated Response (SOAR) Azure Sentinel Overview Image reference: https://docs.microsoft.com/azure/sentinel/overview
  • 12. Demo Set up Azure Sentinel
  • 13. Connect Office 365 logs to Azure Sentinel O365 Audit Logs User / Admin Activities O365 Data Connector Azure Sentinel Log Analytics Workspace Office 365
  • 14.  Read and write permissions on your Azure Sentinel workspace.  Global administrator or security administrator rights on Office 365 tenant.  Office 365 deployment must be on the same tenant as your Azure Sentinel workspace. Prerequisites
  • 15. Demo Connect Office 365 logs to Azure Sentinel
  • 17.  Monitor data using the Azure Sentinel integration with Azure Monitor Workbooks  Create custom workbooks across your data  Combine data from various data sources and data types  Visualize related data in a single interactive report Workbooks
  • 20.  Detect, investigate, and remediate cyber security threats  Analyzes data from various sources to identify correlations and anomalies  Trigger alerts based on the attack techniques  Get insights of attack  Create rule from Rule templates Analytics
  • 22. Respond to Threats Use playbooks with automation rules in Azure Sentinel
  • 23.  Create an automation rule  Create a playbook  Add actions to a playbook  Attach a playbook to an automation rule or an analytics rule to automate threat response Automate your incident response
  • 24. Demo Use playbooks with automation rules
  • 25.  Azure Sentinel  https://docs.microsoft.com/en-us/azure/sentinel/overview  Monitor Office 365 Logs from Azure Sentinel  https://nanddeepnachanblogs.com/posts/2021-03-14-monitor-o365-logs-azure-sentinel/  Threat detection with Azure Sentinel analytics  https://nanddeepnachanblogs.com/posts/2021-04-15-threat-detection-with-azure-sentinel-analytics/  Log analytics samples (KQL queries) by Brian T. Jackett  https://github.com/BrianTJackett/log-analytics-samples References
  • 26. Q&A

Editor's Notes

  1. https://docs.microsoft.com/en-us/azure/sentinel/overview
  2. https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview
  3. https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook