Custom or third-party reporting solutions for Microsoft Defender for Office 365

With Microsoft Defender for Office 365, you get detailed information about automated investigations. However, some organizations also use a custom or third-party reporting solution. If your organization wants to integrate information about automated investigations with such a solution, you can use the Office 365 Management Activity API.

Applies to

With Microsoft Defender for Office 365, you get detailed information about automated investigations. However, some organizations also use a custom or third-party reporting solution. If your organization wants to integrate information about automated investigations with such a solution, you can use the Office 365 Management Activity API.

Resource Description
Office 365 Management APIs overview The Office 365 Management Activity API provides information about various user, admin, system, and policy actions and events from Microsoft 365 and Azure Active Directory activity logs.
Get started with Office 365 Management APIs The Office 365 Management API uses Azure AD to provide authentication services for your application to access Microsoft 365 data. Follow the steps in this article to set this up.
Office 365 Management Activity API reference You can use the Office 365 Management Activity API to retrieve information about user, admin, system, and policy actions and events from Microsoft 365 and Azure AD activity logs. Read this article to learn more about how this works.
Office 365 Management Activity API schema Get an overview of the Common schema and the Defender for Office 365 and threat investigation and response schema to learn about specific kinds of data available through the Office 365 Management Activity API.

See also