Microsoft 365 integration

Detect Microsoft 365 threats faster, simplify your security operations and reduce cyber risk.

Enhance your Microsoft 365 security

Make your cyber security easier to manage by integrating your Microsoft 365 account with Defense.com.

Instead of switching between multiple portals in Microsoft 365, with Defense.com you can simplify your security operations by combining all alerts from Microsoft 365, and all other vendors in your environment, into one prioritised list.

Try for free

Trusted by over 3,000 businesses

NHS
Tusker
OKA
United Bank for Africa
Agilico
Beaverbrook
Blck Rhino
Clear Talernts
Cloudian
Get Support
Locta
Mede Care
Medichecks
NEACH
Structure Flow
The Edge Picture Company
Transoft Solutions
Woodside Logistics Group
K2 Mobility
NHS
Tusker
OKA
United Bank for Africa
Agilico
Beaverbrook
Blck Rhino
Clear Talernts
Cloudian
Get Support
Locta
Mede Care
Medichecks
NEACH
Structure Flow
The Edge Picture Company
Transoft Solutions
Woodside Logistics Group
K2 Mobility

Benefits & Capabilities

Collect logs and security alerts from your Microsoft 365 account and users to detect malicious activity faster.

Get alerted instantly to new security threats and vulnerabilities affecting your business.

Two-way syncing with Microsoft makes it easy to manage and remediate threats in one place.

Make threat management easier by combining telemetry from your whole security stack in one place.

Strengthen your security with clear threat remediation advice and actions to improve your Microsoft Secure Score.

Detection and response made simple

Integrating with Microsoft 365 is just one way that Defense.com helps you detect threats and reduce cyber risk. Try it for free today.

Try for free

Why choose Defense.com?

We believe that good cyber security doesn’t have to be complicated. That’s why Defense.com provides you with the detection and response capabilities to effectively reduce your cyber risk.

By combining security tools that identify threats across your environment, Defense.com enables you to prioritise and manage cyber threats with ease. Remediation advice provided by experienced security analysts ensures threats are dealt with quickly and efficiently.

Defense.com Customer Success team
Payment card industry data security standard
ISO 27001 certified
ISO 9001 certified

Here’s what our customers say about us

Protecting the world’s leading brands

Try Defense.com for free

See how Defense.com can help you detect threats across your Microsoft 365 tenant and users.

Try for free

Microsoft 365 integration FAQs

The following audit logs are supported from Microsoft Office 365 and Entra ID (Azure AD):

  • Audit.AzureActiveDirectory
  • Audit.Exchange
  • Audit.SharePoint
  • Audit.General
  • DLP.All

The following alert sources are also supported:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender For Office365
  • Microsoft 365 Defender
  • Microsoft Entra ID Protection
  • Microsoft app governance
  • Microsoft Purview Data Loss Prevention
  • Microsoft Defender for Cloud

Setting up your Microsoft 365 integration in Defense.com is quick and easy. Once you’ve set up your Defense.com account, a step-by-step setup wizard will take you through the process.

To complete this integration you’ll need access to your Azure administration account via portal.azure.com and appropriate permissions (such as Global Administrator or Application Developer) to create and manage app registrations.

You can view our detailed Microsoft 365 Integration help guide.

There aren’t any! You can bring logs and security alerts from all Microsoft 365 solutions outlined in this help guide. There is no limit on log volumes, alert volumes or number of Microsoft 365 users.

This integration uses the Microsoft Graph API to gather telemetry directly from Microsoft 365, and therefore does not require any additional logging agents to be installed.

As part of a full Defense.com SIEM deployment, we will also bring in logs and security alerts from many more products (not just Microsoft) to build a better picture of your overall security posture. This will require various logging agents to collect telemetry from local devices and other API calls for cloud systems. A Defense.com SIEM deployment is not required to use the Microsoft 365 integration.

When you mark a Microsoft 365 threat as ‘Remediated’ in Defense.com it will automatically update this threat in your Microsoft 365 account. You will see this in your Microsoft account as 'remediated by a third party'.

Conversely, once you have made the necessary changes and remediated issues in Microsoft 365, this will automatically update in your Defense.com account, too. Any configuration changes in Microsoft 365 that affect your Microsoft Secure Score will also be automatically reflected in your Defense.com account.

Subscribe

Get actionable cyber security advice and insights straight to your inbox.