SIEM server integration with Microsoft 365 services and applications


If your organization is using a Security Information and Event Management (SIEM) server, or if you are planning to get a SIEM server soon, you might be wondering how it will integrate with Microsoft 365, including Office 365 E5. Whether you need a SIEM server depends on many factors, such as your organization's security requirements. Microsoft 365 offers a variety of security features; however, if your organization has content and applications on premises and in the cloud (as in the case of a hybrid cloud deployment), you might consider adding a SIEM server for extra protection. Or, if your organization has particularly stringent security requirements you must meet, you might consider adding a SIEM server to your environment.

SIEM server integration with Microsoft 365

A SIEM server can receive data from a wide variety of Microsoft 365 services and applications. The following table lists several Microsoft 365 services and applications along with SIEM server inputs and where to go to learn more about SIEM server integration.

| Microsoft 365 Service or Application | SIEM server inputs | Resources to learn more |
|---|---|---|
| Office 365 Advanced Threat Protection; Office 365 Threat Intelligence | Audit logs | SIEM integration with Office 365 Advanced Threat Protection |
| Microsoft Cloud App Security | Log integration | SIEM integration with Microsoft Cloud App Security |
| Microsoft Threat Protection | Log integration | Pull alerts to your SIEM tools |
| Azure Security Center (Threat Protection and Threat Detection) | Alerts | Azure Security data export to SIEM - Pipeline Configuration - Preview |
| Azure Advanced Threat Analytics | Azure Monitor | (Blog) Use Azure Monitor to integrate with SIEM tools |
| Azure Active Directory Identity Protection | Log integration | Integrate Microsoft Graph Security API alerts with a SIEM |

Audit logging must be turned on

Make sure audit logging is turned on before you configure SIEM server integration.

See Also

Cloud adoption and hybrid solutions

Cloud adoption Test Lab Guides (TLGs)