SIEM server integration with Microsoft 365 services and applications

Overview

If your organization is using a Security Information and Event Management (SIEM) server, or is planning to adopt one, you might be wondering how it integrates with Microsoft 365, including Office 365 Enterprise. Whether you need a SIEM server depends on many factors, such as your organization's security requirements. Microsoft 365 offers a variety of security features; however, if your organization has content and applications both on premises and in the cloud (a hybrid cloud deployment), you might consider adding a SIEM server so that security events from both environments are collected and correlated in one place. Likewise, if your organization has particularly stringent security requirements to meet, you might consider adding a SIEM server to your environment.

SIEM server integration with Microsoft 365

A SIEM server can receive data from a wide variety of Microsoft 365 services and applications. The following table lists several Microsoft 365 services and applications, the kind of data each one provides as SIEM server input, and where to go to learn more about configuring the integration.

| Microsoft 365 service or application | SIEM server inputs | Resources to learn more |
|---|---|---|
| Office 365 Advanced Threat Protection or Office 365 Threat Intelligence | Audit logs | SIEM integration with Office 365 Advanced Threat Protection |
| Microsoft Cloud App Security | Log integration | SIEM integration with Microsoft Cloud App Security |
| Office 365 Cloud App Security | Log integration | Integrate your SIEM server with Cloud App Security |
| Windows Defender Advanced Threat Protection | Log integration | Pull alerts to your SIEM tools |
| Azure Security Center (Threat Protection and Threat Detection) | Alerts | Azure Security data export to SIEM - Pipeline Configuration - Preview |
| Azure Active Directory Identity Protection | Audit logs | Integrate Azure Active Directory audit logs |
| Azure Advanced Threat Analytics | Log integration | ATA SIEM log reference |

Audit logging must be turned on

Make sure audit logging is turned on in Microsoft 365 before you configure SIEM server integration. Several of the inputs listed above are audit logs; if auditing is off, those services have nothing to send, and events that occur before auditing is enabled are not recorded retroactively.
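The following PowerShell is an added example, not part of the original article, showing how an administrator can verify that unified audit logging is on and producing records before pointing a SIEM at it. It assumes an Exchange Online PowerShell session has already been opened with Connect-ExchangeOnline (ExchangeOnlineManagement module) using an account with Global Administrator or Exchange Administrator rights; the cmdlets used are the standard Exchange Online ones.

```powershell
# Added example (not from the original article): verify unified audit logging
# before wiring a SIEM to Microsoft 365 audit data.
# Assumption: an Exchange Online PowerShell session is already connected
# (Connect-ExchangeOnline) with Global Administrator or Exchange Administrator rights.

# 1. Check whether unified audit log ingestion is enabled for the tenant.
$auditConfig = Get-AdminAuditLogConfig
if (-not $auditConfig.UnifiedAuditLogIngestionEnabled) {
    Write-Warning "Unified audit logging is OFF; enabling it now."
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
    # The change can take some time to propagate, and events that happened while
    # auditing was off are not recorded retroactively.
}
else {
    Write-Output "Unified audit logging is already enabled."
}

# 2. Confirm that audit records are actually being produced by pulling a small
#    sample from the last 24 hours. An empty result on an active tenant usually
#    means the setting has not propagated yet; re-run this check later.
$sample = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-1) `
                                 -EndDate   (Get-Date) `
                                 -ResultSize 10
if ($sample) {
    $sample | Select-Object CreationDate, UserIds, Operations, RecordType |
        Format-Table -AutoSize
}
else {
    Write-Warning "No audit records were returned for the last 24 hours."
}
```

Run the check once before configuring the SIEM connector and again after enabling auditing, because the first step only flips the setting; the second step is what proves that the audit pipeline your SIEM will depend on is actually producing data.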

See Also

Cloud adoption and hybrid solutions

Cloud adoption Test Lab Guides (TLGs)