How to Integrate Microsoft 365 into Defense.com

Easily integrate your Microsoft 365 account with Defense.com to get alerted to new threats and security recommendations.

Written by Alan Butcher
Updated over a week ago

This integration collects logs and security alerts from your Microsoft 365 account and brings them into Defense.com, making your cyber security easier to manage.

Integration steps

To complete this integration you’ll need access to your Azure administration account via portal.azure.com and appropriate permissions (such as Global Administrator or Application Developer) to create and manage app registrations.

You should also ensure that Azure Audit logging is enabled according to the steps outlined in this article: Enable or disable audit log.

  1. From your dashboard, click the Microsoft 365 Integration button.

  2. This will launch the Microsoft 365 integration wizard.

  3. Click Next.

  4. You will need to enter the following credentials to continue:

    • Application (Client) ID

    • Directory (Tenant) ID

    • Client Secret Value

  5. Click Check Credentials to verify the details entered are valid.

  6. If the credentials are valid, you'll be asked to set the following permissions within Azure:

    • Microsoft Graph

      SecurityEvents.ReadWrite.All

      SecurityAlert.ReadWrite.All

      SecurityIncident.ReadWrite.All

      ThreatIntelligence.Read.All

      User.ReadBasic.All

    • Office 365 Management APIs

      ActivityFeed.Read

      ActivityFeed.ReadDlp

      ServiceHealth.Read

  7. You can check the permissions have been added correctly by clicking the Check buttons on the right. Click Next to proceed.

  8. Click Complete.


    That's it! 🎉 The integration is now complete. You can now view your Microsoft 365 integration dashboard.
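
The permission list in step 6 can also be checked outside the wizard by decoding an app-only access token issued to the app registration and comparing its `roles` claim with that list. This is an added example, not Defense.com or Microsoft code. It assumes the permissions are granted as application permissions and that the token audiences are the URIs shown; the sample tokens are constructed.

```python
import base64
import json

# Permissions from step 6, keyed by token audience (audience URIs are assumptions).
REQUIRED = {
    "https://graph.microsoft.com": {
        "SecurityEvents.ReadWrite.All", "SecurityAlert.ReadWrite.All",
        "SecurityIncident.ReadWrite.All", "ThreatIntelligence.Read.All",
        "User.ReadBasic.All",
    },
    "https://manage.office.com": {
        "ActivityFeed.Read", "ActivityFeed.ReadDlp", "ServiceHealth.Read",
    },
}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token):
    """Report permissions missing from, or granted beyond, the step 6 list."""
    claims = jwt_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in REQUIRED:
        raise ValueError(f"unexpected audience: {aud!r}")
    granted = set(claims.get("roles", []))  # app-only tokens list grants in 'roles'
    return {"audience": aud,
            "missing": sorted(REQUIRED[aud] - granted),
            "extra": sorted(granted - REQUIRED[aud])}

def sample_token(aud, roles):
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}),
                     enc({"aud": aud, "roles": roles}), "sig"])

if __name__ == "__main__":
    tok = sample_token("https://manage.office.com",
                       ["ActivityFeed.Read", "ActivityFeed.ReadDlp"])
    print(audit_token(tok))
```

An entry under `extra` means the app registration holds a permission the integration does not ask for, which is worth reviewing before storing the client secret in a third-party platform.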

Log and alert types

The following audit logs are supported from Office 365 and Azure AD:

  • Audit.AzureActiveDirectory

  • Audit.Exchange

  • Audit.SharePoint

  • DLP.All

  • And many more

The following alert sources are supported:

  • Microsoft Defender for Endpoint

  • Microsoft Defender for Identity

  • Microsoft Defender for Cloud Apps

  • Microsoft Defender for Office 365

  • Microsoft 365 Defender

  • Microsoft Entra ID Protection

  • Microsoft app governance

  • Microsoft Purview Data Loss Prevention

  • Microsoft Defender for Cloud

For more information about this Microsoft 365 integration please contact our support team via the chat in your Defense.com account.
