Edit

Custom or third-party reporting solutions for Microsoft Defender for Office 365

Tip

Did you know you can try the features in Microsoft Defender XDR for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms here.

With Microsoft Defender for Office 365, you get detailed information about automated investigations. However, some organizations also use a custom or third-party reporting solution. If your organization wants to integrate information about automated investigations with such a solution, you can use the Office 365 Management Activity API.

With Microsoft Defender for Office 365, you get detailed information about automated investigations. However, some organizations also use a custom or third-party reporting solution. If your organization wants to integrate information about automated investigations with such a solution, you can use the Office 365 Management Activity API.

Resource Description
Office 365 Management APIs overview The Office 365 Management Activity API provides information about various user, admin, system, and policy actions and events from Microsoft 365 and Microsoft Entra activity logs.
Get started with Office 365 Management APIs The Office 365 Management API uses Microsoft Entra ID to provide authentication services for your application to access Microsoft 365 data. Follow the steps in this article to set this up.
Office 365 Management Activity API reference You can use the Office 365 Management Activity API to retrieve information about user, admin, system, and policy actions and events from Microsoft 365 and Microsoft Entra activity logs. Read this article to learn more about how this works.
Office 365 Management Activity API schema Get an overview of the Common schema and the Defender for Office 365 and threat investigation and response schema to learn about specific kinds of data available through the Office 365 Management Activity API.

See also