Abstract image of a woman sitting on books and studying on a laptop

Protect Office 365 with Azure Sentinel

Download as PPTX, PDF
Nanddeep Nachan, profile picture
Nanddeep Nachan

This document discusses protecting Office 365 environments with Azure Sentinel. It begins with an agenda and introductions of the presenters. It then covers challenges with monitoring Microsoft 365 environments, how to connect Office 365 logs to Azure Sentinel for monitoring and threat detection. Analytics and workbooks in Azure Sentinel are demonstrated for analyzing the Office 365 data. Playbooks and automation rules in Azure Sentinel are shown for responding to threats. References are provided and there is a Q&A section.

Technology
1 of 27
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
11 May, 2021 Protect Office 365 with Azure Sentinel Nanddeep Nachan @NanddeepNachan Smita Nachan @SmitaNachan
AGENDA  Challenges with Microsoft 365 environment monitoring  Monitor Office 365 Logs from Azure Sentinel  Threat detection with Azure Sentinel analytics  Respond to Threats  Q&A
Office 365 Consultant Speaker | Author | Blogger Nanddeep Nachan  Pune, India  Twitter Handle: @NanddeepNachan  LinkedIn: /in/NanddeepNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365, MS Azure
 Pune, India  Twitter Handle: @SmitaNachan  LinkedIn: /in/SmitaNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365 Lead Software Engineer @TietoEVRY Speaker | Author Smita Nachan
Challenges with Microsoft 365 environment monitoring
 With the increase in usage, it is essential to keep track of user activities  Potential security risk with admin activities  Audit logs in the compliance center Monitoring Microsoft 365 environments
Demo Audit log in the compliance center
License Retention period Office 365 E5 or Microsoft 365 E5 1 Year (non-E5) Office 365 or Microsoft 365 90 Days O365 Audit logs retention
 Auditing & Historical purpose  Compliance  Legal Why we need O365 logs?
Azure Sentinel Cloud-native SIEM platform
 Security Information and Event Manager (SIEM)  Security Orchestration Automated Response (SOAR) Azure Sentinel Overview Image reference: https://docs.microsoft.com/azure/sentinel/overview
Demo Set up Azure Sentinel
Connect Office 365 logs to Azure Sentinel O365 Audit Logs User / Admin Activities O365 Data Connector Azure Sentinel Log Analytics Workspace Office 365
 Read and write permissions on your Azure Sentinel workspace.  Global administrator or security administrator rights on Office 365 tenant.  Office 365 deployment must be on the same tenant as your Azure Sentinel workspace. Prerequisites
Demo Connect Office 365 logs to Azure Sentinel
Workbooks Monitor the data
 Monitor data using the Azure Sentinel integration with Azure Monitor Workbooks  Create custom workbooks across your data  Combine data from various data sources and data types  Visualize related data in a single interactive report Workbooks
Demo Azure Sentinel Workbooks
Analytics Monitor the data
 Detect, investigate, and remediate cyber security threats  Analyzes data from various sources to identify correlations and anomalies  Trigger alerts based on the attack techniques  Get insights of attack  Create rule from Rule templates Analytics
Demo Create Analytics Rule
Respond to Threats Use playbooks with automation rules in Azure Sentinel
 Create an automation rule  Create a playbook  Add actions to a playbook  Attach a playbook to an automation rule or an analytics rule to automate threat response Automate your incident response
Demo Use playbooks with automation rules
 Azure Sentinel  https://docs.microsoft.com/en-us/azure/sentinel/overview  Monitor Office 365 Logs from Azure Sentinel  https://nanddeepnachanblogs.com/posts/2021-03-14-monitor-o365-logs-azure-sentinel/  Threat detection with Azure Sentinel analytics  https://nanddeepnachanblogs.com/posts/2021-04-15-threat-detection-with-azure-sentinel-analytics/  Log analytics samples (KQL queries) by Brian T. Jackett  https://github.com/BrianTJackett/log-analytics-samples References
Q&A
Thank You! @NanddeepNachan /in/NanddeepNachan Nanddeep Nachan @SmitaNachan /in/SmitaNachan Smita Nachan

More Related Content

PPTX
Azure sentinel
Marius Sandbu
 
PPTX
Getting Started with Azure Sentinel
Samik Roy
 
PPTX
Threat Hunting on AWS using Azure Sentinel
Ashwin Patil, GCIH, GCIA, GCFE
 
PPTX
Azure sentinal
Allied Consultants
 
PPTX
Journey to Azure Sentinel
Cheah Eng Soon
 
PPTX
Azure Sentinel with Office 365
Cheah Eng Soon
 
PPTX
Azure Sentinel
Cheah Eng Soon
 
PDF
7 Experts on Implementing Azure Sentinel
Mighty Guides, Inc.
 
Azure sentinel
Marius Sandbu
 
Getting Started with Azure Sentinel
Samik Roy
 
Threat Hunting on AWS using Azure Sentinel
Ashwin Patil, GCIH, GCIA, GCFE
 
Azure sentinal
Allied Consultants
 
Journey to Azure Sentinel
Cheah Eng Soon
 
Azure Sentinel with Office 365
Cheah Eng Soon
 
Azure Sentinel
Cheah Eng Soon
 
7 Experts on Implementing Azure Sentinel
Mighty Guides, Inc.
 

What's hot (20)

PPTX
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
 
PDF
Introduction to Azure Sentinel
arnaudlh
 
PPTX
Remediate and secure your organization with azure sentinel
Samik Roy
 
PDF
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
PDF
introduction to Azure Sentinel
Robert Crane
 
PPTX
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
PPTX
Microsoft Azure News - April 2021
Daniel Toomey
 
PDF
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
azuredayit
 
PDF
Azure Sentinel Tips
Mario Worwell
 
PPTX
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
PDF
Elastic SIEM (Endpoint Security)
Kangaroot
 
PDF
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
PDF
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
PDF
Getting Started with Azure Security Center
Cheah Eng Soon
 
PPTX
Document fingerprinting in Microsoft 365 Compliance
Matt Soseman
 
PPTX
MCAS High Level Architecture May 2021
Matt Soseman
 
PDF
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elasticsearch
 
PDF
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elasticsearch
 
PPTX
20171207 we are moving to the cloud what about security
Arjan Cornelissen
 
PPTX
Using m365 defender to protect against solorigate
Matt Soseman
 
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
 
Introduction to Azure Sentinel
arnaudlh
 
Remediate and secure your organization with azure sentinel
Samik Roy
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
introduction to Azure Sentinel
Robert Crane
 
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
Microsoft Azure News - April 2021
Daniel Toomey
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
azuredayit
 
Azure Sentinel Tips
Mario Worwell
 
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Elastic SIEM (Endpoint Security)
Kangaroot
 
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Getting Started with Azure Security Center
Cheah Eng Soon
 
Document fingerprinting in Microsoft 365 Compliance
Matt Soseman
 
MCAS High Level Architecture May 2021
Matt Soseman
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elasticsearch
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elasticsearch
 
20171207 we are moving to the cloud what about security
Arjan Cornelissen
 
Using m365 defender to protect against solorigate
Matt Soseman
 
Ad

Similar to Protect Office 365 with Azure Sentinel (20)

PDF
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Prometix Pty Ltd
 
PPTX
Azure Sentinel.pptx
Mohit Chhabra
 
PPTX
Adam ochs sentinel
Adam Ochs
 
PPTX
NVS_Sentinel
Mike Mihm
 
PPTX
Microsoft Sentinel and Its Components.pptx
Infosectrain3
 
PPTX
TechTalksUtah-Sentinel-20191108.pptx
JustineGarcia32
 
PPTX
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
carlitocabana
 
PDF
Microsoft Azure Sentinel
BGA Cyber Security
 
PPTX
Microsoft Sentinel Deployment V1.pptx
saadatali65
 
PPTX
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
PDF
Azure Sentinel
Kumton Suttiraksiri
 
PPTX
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
Nanddeep Nachan
 
PDF
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Kranthi Aragonda
 
PDF
L400-P1 Overview.pdf
FadhilMuhammad80
 
PDF
How to get deeper administration insights into your tenant
Robert Crane
 
PDF
do you want to know about what is Microsoft Sentinel.pdf
amilsaifi5
 
PPTX
SC-900 Capabilities of Microsoft Security Solutions
FredBrandonAuthorMCP
 
PDF
Security management
Dean Iacovelli
 
PPTX
Cloudbrew 2019 - Threat hunting with the Microsoft Cloud
Tom Janetscheck
 
PDF
Thr30117 - Securely logging to Microsoft 365
Robert Crane
 
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Prometix Pty Ltd
 
Azure Sentinel.pptx
Mohit Chhabra
 
Adam ochs sentinel
Adam Ochs
 
NVS_Sentinel
Mike Mihm
 
Microsoft Sentinel and Its Components.pptx
Infosectrain3
 
TechTalksUtah-Sentinel-20191108.pptx
JustineGarcia32
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
carlitocabana
 
Microsoft Azure Sentinel
BGA Cyber Security
 
Microsoft Sentinel Deployment V1.pptx
saadatali65
 
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
Azure Sentinel
Kumton Suttiraksiri
 
Purview Days 2023 - Graph Notifications - A better way to process M365 Audit ...
Nanddeep Nachan
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Kranthi Aragonda
 
L400-P1 Overview.pdf
FadhilMuhammad80
 
How to get deeper administration insights into your tenant
Robert Crane
 
do you want to know about what is Microsoft Sentinel.pdf
amilsaifi5
 
SC-900 Capabilities of Microsoft Security Solutions
FredBrandonAuthorMCP
 
Security management
Dean Iacovelli
 
Cloudbrew 2019 - Threat hunting with the Microsoft Cloud
Tom Janetscheck
 
Thr30117 - Securely logging to Microsoft 365
Robert Crane
 
Ad

More from Nanddeep Nachan (20)

PPTX
Building Copilot for Microsoft 365 with Teams Toolkit
Nanddeep Nachan
 
PPTX
PnP Demo - Streamlining Internal Marketplaces using Microsoft Copilot and a T...
Nanddeep Nachan
 
PPTX
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
 
PPTX
Prompt to Pixel: DALL-E Magic
Nanddeep Nachan
 
PPTX
Knowledge Quest Teams Bot.pptx
Nanddeep Nachan
 
PPTX
Building Bots with Teams Toolkit
Nanddeep Nachan
 
PPTX
Power Apps for Azure Cloud Professionals
Nanddeep Nachan
 
PPTX
aMS Pune - Building apps for Teams meetings
Nanddeep Nachan
 
PPTX
Universal Actions for Adaptive Cards on Microsoft Teams
Nanddeep Nachan
 
PPTX
Building Bots with Azure and consume anywhere.pptx
Nanddeep Nachan
 
PPTX
Power Platform Custom Connector Deep Dive.pptx
Nanddeep Nachan
 
PPTX
Sessionize Custom Connector
Nanddeep Nachan
 
PPTX
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
Nanddeep Nachan
 
PPTX
Bring your SharePoint apps to MS Teams
Nanddeep Nachan
 
PPTX
Microsoft Viva Connections - Set up and Extend with SPFx
Nanddeep Nachan
 
PPTX
Information Barriers in MS Teams
Nanddeep Nachan
 
PPTX
PL-100 Microsoft Power Platform App Maker
Nanddeep Nachan
 
PPTX
Explore Microsoft Power Platform Center of Excellence
Nanddeep Nachan
 
PPTX
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
Nanddeep Nachan
 
PPTX
SharePoint PnP Demo - react-manage-o365-groups
Nanddeep Nachan
 
Building Copilot for Microsoft 365 with Teams Toolkit
Nanddeep Nachan
 
PnP Demo - Streamlining Internal Marketplaces using Microsoft Copilot and a T...
Nanddeep Nachan
 
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
 
Prompt to Pixel: DALL-E Magic
Nanddeep Nachan
 
Knowledge Quest Teams Bot.pptx
Nanddeep Nachan
 
Building Bots with Teams Toolkit
Nanddeep Nachan
 
Power Apps for Azure Cloud Professionals
Nanddeep Nachan
 
aMS Pune - Building apps for Teams meetings
Nanddeep Nachan
 
Universal Actions for Adaptive Cards on Microsoft Teams
Nanddeep Nachan
 
Building Bots with Azure and consume anywhere.pptx
Nanddeep Nachan
 
Power Platform Custom Connector Deep Dive.pptx
Nanddeep Nachan
 
Sessionize Custom Connector
Nanddeep Nachan
 
SharePoint PnP Viva Connections & SPFx JS SIG Call - My M365 Groups
Nanddeep Nachan
 
Bring your SharePoint apps to MS Teams
Nanddeep Nachan
 
Microsoft Viva Connections - Set up and Extend with SPFx
Nanddeep Nachan
 
Information Barriers in MS Teams
Nanddeep Nachan
 
PL-100 Microsoft Power Platform App Maker
Nanddeep Nachan
 
Explore Microsoft Power Platform Center of Excellence
Nanddeep Nachan
 
SharePoint PnP Demo - Questionnaire Teams Meeting App with SPFx
Nanddeep Nachan
 
SharePoint PnP Demo - react-manage-o365-groups
Nanddeep Nachan
 

Recently uploaded (20)

PPTX
Configure Apache Mutual Authentication
Antonino Piraino
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PPTX
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PPTX
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
Configure Apache Mutual Authentication
Antonino Piraino
 
Five Habits of High-Impact Board Members
OnBoard
 
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
The various Industrial Revolutions .pptx
bandileshozi3
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
Modernising the Digital Integration Hub
Daniel Toomey
 
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 

Protect Office 365 with Azure Sentinel

  • 1. 11 May, 2021 Protect Office 365 with Azure Sentinel Nanddeep Nachan @NanddeepNachan Smita Nachan @SmitaNachan
  • 2. AGENDA  Challenges with Microsoft 365 environment monitoring  Monitor Office 365 Logs from Azure Sentinel  Threat detection with Azure Sentinel analytics  Respond to Threats  Q&A
  • 3. Office 365 Consultant Speaker | Author | Blogger Nanddeep Nachan  Pune, India  Twitter Handle: @NanddeepNachan  LinkedIn: /in/NanddeepNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365, MS Azure
  • 4.  Pune, India  Twitter Handle: @SmitaNachan  LinkedIn: /in/SmitaNachan  Microsoft MVP, MCT  SharePoint, Microsoft 365 Lead Software Engineer @TietoEVRY Speaker | Author Smita Nachan
  • 5. Challenges with Microsoft 365 environment monitoring
  • 6.  With the increase in usage, it is essential to keep track of user activities  Potential security risk with admin activities  Audit logs in the compliance center Monitoring Microsoft 365 environments
  • 7. Demo Audit log in the compliance center
  • 8. License Retention period Office 365 E5 or Microsoft 365 E5 1 Year (non-E5) Office 365 or Microsoft 365 90 Days O365 Audit logs retention
  • 9.  Auditing & Historical purpose  Compliance  Legal Why we need O365 logs?
  • 11.  Security Information and Event Manager (SIEM)  Security Orchestration Automated Response (SOAR) Azure Sentinel Overview Image reference: https://docs.microsoft.com/azure/sentinel/overview
  • 12. Demo Set up Azure Sentinel
  • 13. Connect Office 365 logs to Azure Sentinel O365 Audit Logs User / Admin Activities O365 Data Connector Azure Sentinel Log Analytics Workspace Office 365
  • 14.  Read and write permissions on your Azure Sentinel workspace.  Global administrator or security administrator rights on Office 365 tenant.  Office 365 deployment must be on the same tenant as your Azure Sentinel workspace. Prerequisites
  • 15. Demo Connect Office 365 logs to Azure Sentinel
  • 17.  Monitor data using the Azure Sentinel integration with Azure Monitor Workbooks  Create custom workbooks across your data  Combine data from various data sources and data types  Visualize related data in a single interactive report Workbooks
  • 20.  Detect, investigate, and remediate cyber security threats  Analyzes data from various sources to identify correlations and anomalies  Trigger alerts based on the attack techniques  Get insights of attack  Create rule from Rule templates Analytics
  • 22. Respond to Threats Use playbooks with automation rules in Azure Sentinel
  • 23.  Create an automation rule  Create a playbook  Add actions to a playbook  Attach a playbook to an automation rule or an analytics rule to automate threat response Automate your incident response
  • 24. Demo Use playbooks with automation rules
  • 25.  Azure Sentinel  https://docs.microsoft.com/en-us/azure/sentinel/overview  Monitor Office 365 Logs from Azure Sentinel  https://nanddeepnachanblogs.com/posts/2021-03-14-monitor-o365-logs-azure-sentinel/  Threat detection with Azure Sentinel analytics  https://nanddeepnachanblogs.com/posts/2021-04-15-threat-detection-with-azure-sentinel-analytics/  Log analytics samples (KQL queries) by Brian T. Jackett  https://github.com/BrianTJackett/log-analytics-samples References
  • 26. Q&A

Editor's Notes

  • #11: https://docs.microsoft.com/en-us/azure/sentinel/overview
  • #17: https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview
  • #23: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook