Overview
Defender for Microsoft 365 is an add-on license that extends the security capabilities of Microsoft 365. This product was also known as Advanced Threat Protection. It gives organizations the ability to create policies to protect users, along with email attachment sandboxing, advanced threat blocking capabilities, and more.
Requirement: To receive Microsoft 365 Defender logs in Blumira, you must have the Microsoft Azure Event Hubs Module configured on a Blumira sensor.
Before you begin
First, integrate Azure Event Hubs with Blumira by completing the steps in Integrating with Microsoft Azure Event Hubs.
Next, gather the Event Hub Name and the Resource ID of the Azure event hub namespace that you created for Blumira, which are in your Azure Event Hubs Namespace page > Properties menu.
Forwarding Microsoft Defender events to Blumira
To connect Microsoft 365 Defender to your Blumira event hub in Azure:
- Log in to security.microsoft.com as a Global Admin.
- Navigate to Settings.
- Click Microsoft 365 Defender.
- Click Streaming API.
- Click Add.
- Type a name for your new settings.
- Click Forward events to Azure Event Hubs.
- Type your Blumira Event Hub Namespace Resource ID and Event Hub Name.
- Select the event types you want to stream.
- Click Save.
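A pre-check for the two values typed into the Streaming API form, added here as an example and not Blumira's or Microsoft's code: it flags a pasted Resource ID that is not namespace-level, such as the ID of the event hub itself. The function name, the sample IDs used with it, and the event hub naming rule in the regex are assumptions made for illustration.

```python
import re

# Shape of a namespace-level Azure resource ID (segment names are case-insensitive).
_NS_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)"
    r"/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.EventHub/namespaces/(?P<ns>[^/]+)"
    r"(?P<rest>/.*)?$",
    re.IGNORECASE,
)
_GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
# Assumed naming rule: letters, digits, '.', '-', '_'; starts and ends alphanumeric.
_HUB_NAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9._-]{0,254}[A-Za-z0-9])?$")


def check_streaming_inputs(resource_id, event_hub_name):
    """Return a list of problems; an empty list means both values look usable."""
    problems = []
    rid = resource_id.strip()
    if rid != resource_id:
        problems.append("Resource ID has leading or trailing whitespace")
    m = _NS_ID.match(rid)
    if not m:
        problems.append("Resource ID is not an Event Hubs namespace ID")
    else:
        if not _GUID.match(m["sub"]):
            problems.append("subscription segment is not a GUID")
        rest = (m["rest"] or "").strip("/")
        if rest:
            # Typical slip: copying the ID of the event hub, not of its namespace.
            problems.append(
                f"ID points below the namespace ({rest}); "
                "use the namespace's Resource ID"
            )
    if not _HUB_NAME.match(event_hub_name):
        problems.append("Event Hub Name has characters an event hub name cannot contain")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    sample_id = (
        "/subscriptions/11111111-2222-3333-4444-555555555555"
        "/resourceGroups/rg-blumira/providers/Microsoft.EventHub"
        "/namespaces/blumira-ns/eventhubs/blumira-hub"
    )
    for problem in check_streaming_inputs(sample_id, "blumira-hub"):
        print("FIX:", problem)
```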