articles/sentinel/business-applications/power-platform-solution-security-content.md
Lines changed: 7 additions & 7 deletions
@@ -107,17 +107,17 @@ The solution includes hunting queries that can be used by analysts to proactivel
107
107
108
108
## Playbooks
109
109
110
-
This solution contains playbooks which can be use to automate security response to incidents and alerts in Microsoft Sentinel.
110
+
This solution contains playbooks which can be used to automate security response to incidents and alerts in Microsoft Sentinel.
111
111
112
112
| Playbook name | Description |
113
113
| --- | --- |
114
114
| Security workflow: alert verification with workload owners | This playbook can reduce burden on the SOC by offloading alert verification to IT admins for specific analytics rules. It is triggered when a Microsoft Sentinel alert is generated, creates a message (and associated notification email) in the workload owner's Microsoft Teams channel containing details of the alert. If the workload owner responds that the activity is not authorized, the alert will be converted to an incident in Microsoft Sentinel for the SOC to handle. |
115
-
| Dataverse: Send notification to manager | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically send an email notificiation to the manager of the affected user entitites. The Playbook can be configured to send either to the Dynamics 365 manager, or using the manager in Office 365. |
116
-
| Dataverse: Add user to blocklist (incident trigger) | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically add affected user entitites to a pre-defined Microsoft Entra group, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
117
-
| Dataverse: Add user to blocklist using Outlook approval workflow | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically add affected user entitites to a pre-defined Microsoft Entra group, using an Outlook based approval workflow, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
118
-
| Dataverse: Add user to blocklist using Teams approval workflow | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically add affected user entitites to a pre-defined Microsoft Entra group, using a Teams adaptive card approval workflow, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
119
-
| Dataverse: Add user to blocklist (alert trigger) | This playbook can be triggered on-demand when a Microsoft Sentinel alert is raised, allowing the analyst to add affected user entitites to a pre-defined Microsoft Entra group, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
120
-
| Dataverse: Remove user from blocklist | This playbook can be triggered on-demand when a Microsoft Sentinel alert is raised, allowing the analyst to remove affected user entitites from a pre-defined Microsoft Entra group used to block access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
115
+
| Dataverse: Send notification to manager | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically send an email notification to the manager of the affected user entities. The Playbook can be configured to send either to the Dynamics 365 manager, or using the manager in Office 365. |
116
+
| Dataverse: Add user to blocklist (incident trigger) | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically add affected user entities to a pre-defined Microsoft Entra group, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
117
+
| Dataverse: Add user to blocklist using Outlook approval workflow | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically add affected user entities to a pre-defined Microsoft Entra group, using an Outlook based approval workflow, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
118
+
| Dataverse: Add user to blocklist using Teams approval workflow | This playbook can be triggered when a Microsoft Sentinel incident is raised and will automatically add affected user entities to a pre-defined Microsoft Entra group, using a Teams adaptive card approval workflow, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
119
+
| Dataverse: Add user to blocklist (alert trigger) | This playbook can be triggered on-demand when a Microsoft Sentinel alert is raised, allowing the analyst to add affected user entities to a pre-defined Microsoft Entra group, resulting in blocked access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
120
+
| Dataverse: Remove user from blocklist | This playbook can be triggered on-demand when a Microsoft Sentinel alert is raised, allowing the analyst to remove affected user entities from a pre-defined Microsoft Entra group used to block access. The Microsoft Entra group is used with Conditional Access to block sign-in to the Dataverse. |
121
121
| Dataverse: Add SharePoint sites to watchlist | This playbook is used to add new or updated SharePoint document management sites into the configuration watchlist. When combined with a scheduled analytics rule monitoring the Dataverse activity log, this Playbook will trigger when a new SharePoint document management site mapping is added. The site will be added to a watchlist to extend monitoring coverage. |
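Review bot: Row 115 still capitalizes "The Playbook can be configured" while the rest of the changed rows use lowercase "playbook" (context row 121 has the same "this Playbook"), and row 117 still reads "an Outlook based approval workflow", which needs a hyphen ("Outlook-based"). These rows are already being rewritten for the "notificiation" and "entitites" typos, so fold both fixes into the same change. On line 110, "playbooks which can be used" would also read better as "playbooks that can be used".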
articles/sentinel/business-applications/solution-overview.md
Lines changed: 1 addition & 1 deletion
@@ -55,7 +55,7 @@ The Microsoft Sentinel solution for Microsoft Business Apps includes the followi
55
55
56
56
|Connector name |Data collected |Log Analytics tables |
57
57
|---------|---------|---------|
58
-
|Microsoft Power Platform Admin Activity (Preview)|Power Platform administrator activity logs includes the following workloads: <br>- Power Apps<br>-Power Pages<br>- Power Platform Connectors<br>- Power Platform DLP<br><br>For more information, see [View Power Platform administrative logs using auditing solutions in Microsoft Purview (preview)](/power-platform/admin/admin-activity-logging).|PowerPlatformAdminActivity|
58
+
|Microsoft Power Platform Admin Activity (Preview)|Power Platform administrator activity logs includes the following workloads: <br>- Power Apps<br>-Power Pages<br>- Power Platform Connectors<br>- Power Platform DLP<br><br>For more information, see [View Power Platform administrative logs using auditing solutions in Microsoft Purview (preview)](/power-platform/admin/admin-activity-logging).|PowerPlatformAdminActivity|
59
59
|Microsoft Dataverse (Preview) |Dataverse and model-driven apps activity logging (including Dynamics 365 Customer Engagement) <br><br>For more information, see [Microsoft Dataverse and model-driven apps activity logging](/power-platform/admin/enable-use-comprehensive-auditing).<br><br>If you use the data connector for Dynamics 365, migrate to the data connector for Microsoft Dataverse. <br><br>This data connector replaces the legacy data connector for Dynamics 365 and supports data collection rules. | DataverseActivity |
60
60
| Dynamics 365 F&O |Dynamics 365 Finance and Operations admin activities and audit logs<br><br>Business process and application activity logs | FinanceOperationsActivity_CL |
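Review bot: The removed and added versions of line 58 read identically in this view, so the edit appears to be whitespace-only and leaves two visible defects in the row: "activity logs includes" should be "activity logs include", and "<br>-Power Pages" is missing the space that the other list items have ("- Power Apps"). Fix both while the line is being touched.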
articles/sentinel/whats-new.md
Lines changed: 2 additions & 2 deletions
@@ -13,11 +13,11 @@ ms.date: 12/02/2024
13
13
14
14
# What's new in Microsoft Sentinel
15
15
16
-
This article lists recent features added for Microsoft Sentinel, and new features in related services that provide an enhanced user experience in Microsoft Sentinel. For new features in Microsoft's unifed security operations (SecOps) platform, see the [unified SecOps platform documentation](/unified-secops-platform/whats-new).
16
+
This article lists recent features added for Microsoft Sentinel, and new features in related services that provide an enhanced user experience in Microsoft Sentinel. For new features in Microsoft's unified security operations (SecOps) platform, see the [unified SecOps platform documentation](/unified-secops-platform/whats-new).
17
17
18
18
The listed features were released in the last three months. For information about earlier features delivered, see our [Tech Community blogs](https://techcommunity.microsoft.com/t5/azure-sentinel/bg-p/AzureSentinelBlog/label-name/What's%20New).
19
19
20
-
Get notified when this page is updated by copying and pasting the following URL into your feed reader:
20
+
Get notified when this page is updated by copying and pasting the following URL into your feed reader:
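Review bot: Line 20 is shown as removed and re-added with identical text, so unlike the "unifed" to "unified" fix on line 16 there is no visible change to review. Confirm it is only trailing-whitespace cleanup and say so in the commit description, or drop it from the change.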