From 271ac315f30cb721715d88acb2d4b71339eb0de8 Mon Sep 17 00:00:00 2001
From: Amee Lepcha
Date: Tue, 16 Sep 2025 22:58:17 +0530
Subject: [PATCH 1/6] Update cid-redirects.json

---
 cid-redirects.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cid-redirects.json b/cid-redirects.json
index eb312456b7..015d8c2995 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -2930,6 +2930,7 @@
 "/cid/1105": "/docs/integrations/cloud-security-monitoring-analytics/aws-security-hub-ocsf",
 "/cid/1106": "/docs/integrations/sumo-apps/opentelemetry-collector-insights",
 "/cid/1107": "/docs/integrations/saas-cloud/aws-iam-users",
+ "/cid/1109": "/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365",
 "/Cloud_SIEM_Enterprise": "/docs/cse",
 "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
 "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",

From db181f7335899a89c1ece316177d4b2596113eea Mon Sep 17 00:00:00 2001
From: Amee Lepcha
Date: Fri, 19 Sep 2025 21:36:54 +0530
Subject: [PATCH 2/6] Create azure-security-microsoft-defender-for-office-365.md

---
 ...urity-microsoft-defender-for-office-365.md | 192 ++++++++++++++++++
 1 file changed, 192 insertions(+)
 create mode 100644 docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md

diff --git a/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md
new file mode 100644
index 0000000000..3873df891a
--- /dev/null
+++ b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md
@@ -0,0 +1,192 @@ +--- +id: azure-security-microsoft-defender-for-office-365 +title: Azure Security - Microsoft Defender for Office 365 +description: Learn about the Sumo Logic collection process for the Azure Security - Defender for Cloud service. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Thumbnail icon + +The Sumo Logic App for Azure Security – Microsoft Defender for Office 365 provides visibility into threats and alerts across Microsoft 365. It includes dashboards to monitor alert activity, geographic trends, detection sources, and user-level details, enabling quick identification of phishing, malware, and suspicious sign-ins. High-severity alerts, malicious IPs, compromised accounts, and targeted devices are highlighted to support rapid response. The app helps strengthen Office 365 security posture, prioritize incidents, and detect potential compromises across users and devices. + +## Log types + +The Azure Security – Microsoft Defender for Office 365 app uses SumoLogic’s Microsoft Graph Security source to collect [Alerts](https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http) from the Microsoft Graph Security source. + +### Sample log messages + +
+Alerts + +```json +{ + "id": "adbe0c9e2dccf8f1756423691203fj4f03ebd9d327664bcda30a", + "providerAlertId": "6e11a0063f2acc258e17152cac17564236912037c178d92c04c17564236918be", + "incidentId": "20", + "status": "resolved", + "severity": "high", + "classification": "falsePositive", + "determination": "phishing", + "serviceSource": "microsoftDefenderForOffice365", + "detectionSource": "microsoftDefenderForCloud", + "detectorId": "UnfamiliarLocation", + "tenantId": "3adb963c-8e61-48e8-a06d-6dbb0dacea39", + "title": "Unfamiliar sign-in properties", + "description": "Sign-in with properties we have not seen recently for the given user", + "recommendedActions": "", + "category": "InitialAccess", + "assignedTo": null, + "alertWebUrl": "https://remote-trail.gl.at.ply.gg/alerts/adbe0c9e2dccf8f433ff4f03ebd9d327664bcda30a?tid=3adb963c-8e61-48e8-a06d-6dbb0dacea39", + "incidentWebUrl": "https://remote-trail.gl.at.ply.gg/incidents/20?tid=3adb963c-8e61-48e8-a06d-6dbb0dacea39", + "actorDisplayName": null, + "threatDisplayName": null, + "threatFamilyName": null, + "mitreTechniques": [ + "T1078", + "T1078.004" + ], + "createdDateTime": "2025-08-28T16:28:11-0700725Z", + "lastUpdateDateTime": "2025-08-28T16:28:11-0700333Z", + "resolvedDateTime": "2025-08-28T16:28:11-0700725Z", + "firstActivityDateTime": "2025-08-28T16:28:11-0700919Z", + "lastActivityDateTime": "2025-08-28T16:28:11-0700919Z", + "comments": [ + { + "@qlvcckxbgq.type": "#microsoft.graph.security.alertComment", + "comment": "Not valid", + "createdByDisplayName": "David", + "createdDateTime": "2025-08-28T16:28:11-070088Z" + } + ], + "evidence": [ + { + "@qlvcckxbgq.type": "#microsoft.graph.security.userEvidence", + "createdDateTime": "2025-08-28T16:28:11-0700667Z", + "verdict": "unknown", + "remediationStatus": "none", + "remediationStatusDetails": null, + "roles": [ + "compromised" + ], + "detailedRoles": [ + + ], + "tags": [ + + ], + "userAccount": { + "accountName": "tseapps", + "domainName": null, + "userSid": 
"S-1-12-1-1756423691-1756423691-589068932-1756423691", + "azureAdUserId": "f5e829f5-4b1f-4fcf-847a-1c234c1b3b84", + "userPrincipalName": "ag@qlvcckxbgq.com", + "displayName": AndreGurn + } + }, + { + "@qlvcckxbgq.type": "#microsoft.graph.security.ipEvidence", + "createdDateTime": "2025-08-28T16:28:11-0700667Z", + "verdict": "malicious", + "remediationStatus": "none", + "remediationStatusDetails": null, + "roles": [ + + ], + "detailedRoles": [ + + ], + "tags": [ + + ], + "ipAddress": "185.231.233.146", + "countryLetterCode": "IN" + } + ] +} +``` +
+ +### Sample queries + +```sql title="Recent Alerts" +_sourceCategory=Labs/AzureSecurityMicrosoftDefenderFor365 +|json"id","status","severity","category","title","description","classification","determination","serviceSource","detectionSource","alertWebUrl" ,"comments[*]","evidence[*]"as alert_id,status,severity,category,title,description,classification,determination,service_source,detection_source,alert_url,comments,evidence_info nodrop + +| where toLowerCase(service_source) = "microsoftdefenderforoffice365" + +// panel specific +| if(isNull(category),"-",category) as category +| if(isNull(classification),"-",classification) as classification +| if(isNull(determination),"-",determination) as determination +| count by _messageTime,status,severity,category,title,description,classification,determination,alert_url,alert_id +| formatDate(toLong(_messageTime), "dd-MM-yyyy HH:mm:ss") as time +| tourl (alert_url,alert_id) as alert_id +| fields time,alert_id,title,description,status,severity,category,classification,determination +| fields -_messageTime +| sort by time +| limit 100 +``` + +## Collection configuration and app installation + +:::note +- Skip this step if you have already configured the Microsoft Graph Security API Source. +- Select **Use the existing source and install the app** to install the app using the `sourceCategory` of the Microsoft Graph Security API Source configured above. +::: + +import CollectionConfiguration from '../../reuse/apps/collection-configuration.md'; + + + +:::important +Use the [Cloud-to-Cloud Integration for Microsoft Graph Security API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source) to create the source and use the same source category while installing the app. 
By following these steps, you can ensure that your Azure Security - Microsoft Defender for Office 365 app is properly integrated and configured to collect and analyze your Azure Security - Microsoft Defender for Office 365 data. +::: + +### Create a new collector and install the app + +import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md'; + + + +### Use an existing collector and install the app + +import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md'; + + + +### Use an existing source and install the app + +import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md'; + + + +## Viewing the Azure Security - Microsoft Defender for Office 365 dashboards + +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; + + + +### Overview + +The **Azure Security - Microsoft Defender for Office 365 - Overview** dashboard provides + +
Azure Security - Microsoft Defender for Office 365 - Overview + +### Security + +The **Azure Security - Microsoft Defender for Office 365 - Security** dashboard provides + +
Azure Security - Microsoft Defender for Office 365 - Security + +## Upgrade/Downgrade the Azure Security - Microsoft Defender for Office 365 app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the Azure Security - Microsoft Defender for Office 365 app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + From b714f957fa9f6e3dd4b283e126cc3330f67dcee0 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 19 Sep 2025 22:17:11 +0530 Subject: [PATCH 3/6] Update azure-security-microsoft-defender-for-office-365.md --- ...ure-security-microsoft-defender-for-office-365.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md index 3873df891a..3621cfde63 100644 --- a/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md +++ b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md 
@@ -8,7 +8,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; Thumbnail icon -The Sumo Logic App for Azure Security – Microsoft Defender for Office 365 provides visibility into threats and alerts across Microsoft 365. It includes dashboards to monitor alert activity, geographic trends, detection sources, and user-level details, enabling quick identification of phishing, malware, and suspicious sign-ins. High-severity alerts, malicious IPs, compromised accounts, and targeted devices are highlighted to support rapid response. The app helps strengthen Office 365 security posture, prioritize incidents, and detect potential compromises across users and devices. +The Sumo Logic app for Azure Security – Microsoft Defender for Office 365 provides visibility into threats and alerts across Microsoft 365. It includes dashboards to monitor alert activity, geographic trends, detection sources, and user-level details, enabling quick identification of phishing, malware, and suspicious sign-ins. High-severity alerts, malicious IPs, compromised accounts, and targeted devices are highlighted to support rapid response. The app helps strengthen Office 365 security posture, prioritize incidents, and detect potential compromises across users and devices. ## Log types 
@@ -169,15 +169,15 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md'; ### Overview -The **Azure Security - Microsoft Defender for Office 365 - Overview** dashboard provides +The **Azure Security - Microsoft Defender for Office 365 - Overview** dashboard offers a high-level summary of security alerts detected by Microsoft Defender for Office 365. It showcases key metrics such as total alert volume, geographic distribution, and breakdowns by status, detection source, determination, and classification. Security analysts can quickly spot top alert categories like phishing and malware, identify affected users, and monitor the most active analysts involved in investigations. The dashboard also features a top action plan and recent alerts panel to help prioritize response efforts and investigate high-risk activities such as anomalous sign-ins, suspicious tokens, and potential account compromises. -
Azure Security - Microsoft Defender for Office 365 - Overview +
Azure Security - Microsoft Defender for Office 365 - Overview ### Security -The **Azure Security - Microsoft Defender for Office 365 - Security** dashboard provides +The **Azure Security - Microsoft Defender for Office 365 - Security** dashboard focuses on high-severity alerts and threats associated with risky IP addresses, suspicious geographies, and compromised accounts. It provides visibility into alerts by severity over time, helping analysts detect spikes in high-priority incidents. The dashboard also highlights countries with malicious IP verdicts, top user accounts with compromised roles, and top attacked devices along with their risk posture and health status. This view enables teams to quickly pinpoint the most critical threats targeting their Office 365 environment and take immediate mitigation steps. -
Azure Security - Microsoft Defender for Office 365 - Security +
Azure Security - Microsoft Defender for Office 365 - Security ## Upgrade/Downgrade the Azure Security - Microsoft Defender for Office 365 app (Optional) @@ -189,4 +189,4 @@ import AppUpdate from '../../reuse/apps/app-update.md'; import AppUninstall from '../../reuse/apps/app-uninstall.md'; - + \ No newline at end of file From e1feedc67d47d48c6b335d442ee044d9babfd169 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Sat, 20 Sep 2025 01:19:09 +0530 Subject: [PATCH 4/6] final updates --- blog-service/2025-09-22-apps.md | 14 +++++ ...urity-microsoft-defender-for-office-365.md | 2 +- docs/integrations/microsoft-azure/index.md | 6 ++ .../microsoft-defender-for-office-365.md | 57 ------------------- .../product-list/product-list-a-l.md | 2 +- sidebars.ts | 2 +- 6 files changed, 23 insertions(+), 60 deletions(-) create mode 100644 blog-service/2025-09-22-apps.md delete mode 100644 docs/integrations/microsoft-azure/microsoft-defender-for-office-365.md diff --git a/blog-service/2025-09-22-apps.md b/blog-service/2025-09-22-apps.md new file mode 100644 index 0000000000..d6d5b212e2 --- /dev/null +++ b/blog-service/2025-09-22-apps.md @@ -0,0 +1,14 @@ +--- +title: Azure Security - Microsoft Defender for Office 365 (Apps) +image: https://help.sumologic.com/img/reuse/rss-image.jpg +keywords: + - apps + - azure + - microsoft + - azure-security-microsoft-defender-for-office-365 +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +We're excited to introduce the new Sumo Logic app for Azure Security - Microsoft Defender for Office 365. This app provides insights into threats and alerts across Microsoft 365, helping you prioritize incidents, respond faster, and strengthen your Office 365 security posture. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365). \ No newline at end of file 
diff --git a/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md index 3621cfde63..326c22b9b1 100644 --- a/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md +++ b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md @@ -1,7 +1,7 @@ --- id: azure-security-microsoft-defender-for-office-365 title: Azure Security - Microsoft Defender for Office 365 -description: Learn about the Sumo Logic collection process for the Azure Security - Defender for Cloud service. +description: Learn how to collect alerts from the Azure Security - Microsoft Defender for Office 365 platform and send them to Sumo Logic for analysis. --- import useBaseUrl from '@docusaurus/useBaseUrl'; diff --git a/docs/integrations/microsoft-azure/index.md b/docs/integrations/microsoft-azure/index.md index 51bd028330..ec74640dcf 100644 --- a/docs/integrations/microsoft-azure/index.md +++ b/docs/integrations/microsoft-azure/index.md @@ -281,6 +281,12 @@ This guide has documentation for all of the apps that Sumo Logic provides for Mi

Learn about the Sumo Logic collection process for the Azure Security - Defender for Cloud service.

+
+
+ thumbnail icon

Azure Security - Microsoft Defender for Office 365

+

Learn about the Sumo Logic collection process for the Azure Security - Microsoft Defender for Office 365

+
+
Thumbnail icon diff --git a/docs/integrations/microsoft-azure/microsoft-defender-for-office-365.md b/docs/integrations/microsoft-azure/microsoft-defender-for-office-365.md deleted file mode 100644 index ea2ba986e5..0000000000 --- a/docs/integrations/microsoft-azure/microsoft-defender-for-office-365.md +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -id: microsoft-defender-for-office-365 -title: Microsoft Defender for Office 365 -sidebar_label: Microsoft Defender for Office 365 -description: The Sumo Logic App for Microsoft Defender for Office 365 outlines the steps required to collect and analyze the alert data from the Azure security platform to the Sumo Logic platform. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - -Thumbnail icon - -Microsoft Defender for Office 365 is a cloud-based email security service designed to protect your organization using Microsoft 365 (formerly Office 365) against threats such as: -- Phishing -- Malware -- Ransomware -- Business Email Compromise (BEC) -- Zero-day threats - -This document outlines the steps required to collect and analyse the [Microsoft Defender for Office 365](https://learn.microsoft.com/en-us/defender-office-365/mdo-about) alerts in the Sumo Logic platform. - -## Set up collection - -:::note -Skip this step if you have already configured the Microsoft Graph Security API Source. -::: - -Use the [Cloud-to-Cloud Integration for Microsoft Graph Security API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source/) to ingest security alerts data from the Microsoft Defender for Office 365 to the Sumo Logic platform. - -## Search alerts - -Use the following query to retrieve alerts generated by the Microsoft Defender for Office 365. 
- -```sql -_sourcecategory=Labs/MicrosoftGraphSecurity -| json field=_raw "serviceSource" as service_source -| where service_source = "microsoftDefenderForOffice365" -``` - -## Analyse alerts - -Use the following query to extract detailed insights from the alert data: - -```sql -_sourceCategory=Labs/MicrosoftGraphSecurity -|json"id","status","severity","category","title","description","classification","determination","serviceSource","detectionSource","alertWebUrl" ,"comments[*]","evidence[*]"as alert_id,status,severity,category,title,description,classification,determination,service_source,detection_source,alert_url,comments,evidence_info nodrop -| where service_source = "microsoftDefenderForOffice365" -| where severity matches "*" and status matches "*" and classification matches "*" -| if(isNull(category),"-",category) as category -| if(isNull(classification),"-",classification) as classification -| if(isNull(determination),"-",determination) as determination -| count by _messageTime,status,severity,category,title,description,classification,determination,alert_url,alert_id -| formatDate(toLong(_messageTime), "dd-MM-yyyy HH:mm:ss") as time -| tourl (alert_url,alert_id) as alert_id -| fields time,alert_id,title,description,alert_url,status,severity,category,classification,determination -| fields -_messageTime -| sort by time -``` \ No newline at end of file diff --git a/docs/integrations/product-list/product-list-a-l.md b/docs/integrations/product-list/product-list-a-l.md index 9fa3bc14c3..e410858607 100644 --- a/docs/integrations/product-list/product-list-a-l.md +++ b/docs/integrations/product-list/product-list-a-l.md 
@@ -119,7 +119,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [ | Thumbnail icon | [AWS Simple Notification Service](https://aws.amazon.com/sns/) | Automation integration: [AWS Simple Notification Service](/docs/platform-services/automation-service/app-central/integrations/aws-simple-notification-service/) | | Thumbnail icon | [AWS WAF](https://aws.amazon.com/waf/) | Apps:
- [AWS WAF](/docs/integrations/amazon-aws/waf/)
- [AWS WAF Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/aws-waf/)
Automation integration: [AWS WAF](/docs/platform-services/automation-service/app-central/integrations/aws-waf/)
Cloud SIEM integration: [Amazon AWS - Web Application Firewall (WAF)](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/products/072b85a2-1765-45c2-911d-b0509880326e.md) | | Thumbnail icon | [Axonius](https://www.axonius.com/) | Automation integration: [Axonius](/docs/platform-services/automation-service/app-central/integrations/axonius/) | -| Thumbnail icon | [Azure](https://azure.microsoft.com/en-us) | Apps:
- [Azure Analysis Services](/docs/integrations/microsoft-azure/azure-analysis-services/)
- [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/)
- [Azure App Configuration](/docs/integrations/microsoft-azure/azure-app-configuration/)
- [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/)
- [Azure App Service Environment](/docs/integrations/microsoft-azure/azure-app-service-environment/)
- [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/)
- [Azure Audit](/docs/integrations/microsoft-azure/audit/)
- [Azure Automation](/docs/integrations/microsoft-azure/azure-automation/)
- [Azure Backup](/docs/integrations/microsoft-azure/azure-backup/)
- [Azure Batch](/docs/integrations/microsoft-azure/azure-batch/)
- [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/)
- [Azure Cognitive Search](/docs/integrations/microsoft-azure/azure-cognitive-search/)
- [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/)
- [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/)
- [Azure Cosmos DB for PostgreSQL](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/)
- [Azure Data Explorer](/docs/integrations/microsoft-azure/azure-data-explorer/)
- [Azure Data Factory](/docs/integrations/microsoft-azure/azure-data-factory/)
- [Azure Database for MariaDB](/docs/integrations/microsoft-azure/azure-database-for-mariadb/)
- [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/)
- [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/)
- [Azure Event Grid](/docs/integrations/microsoft-azure/azure-event-grid/)
- [Azure Event Hubs](/docs/integrations/microsoft-azure/azure-event-hubs/)
- [Azure Front Door](/docs/integrations/microsoft-azure/azure-front-door/)
- [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/)
- [Azure HDInsight](/docs/integrations/microsoft-azure/azure-hdinsight/)
- [Azure IoT Hub](/docs/integrations/microsoft-azure/azure-iot-hub/)
- [Azure Key Vault](/docs/integrations/microsoft-azure/azure-key-vault/)
- [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/)
- [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/)
- [Azure Logic App](/docs/integrations/microsoft-azure/azure-logic-app/)
- [Azure Machine Learning](/docs/integrations/microsoft-azure/azure-machine-learning/)
- [Azure Monitor Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source)
- [Azure Monitor Metrics](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/)
- [Azure Monitoring](/docs/send-data/collect-from-other-data-sources/azure-monitoring/)
- [Azure Network Interface](/docs/integrations/microsoft-azure/azure-network-interface/)
- [Azure Network Watcher](/docs/integrations/microsoft-azure/network-watcher/)
- [Azure Notification Hubs](/docs/integrations/microsoft-azure/azure-notification-hubs/)
- [Azure Public IP Addresses](/docs/integrations/microsoft-azure/azure-public-ipAddress/)
- [Azure Relay](/docs/integrations/microsoft-azure/azure-relay/)
- [Azure Security -Advisor](/docs/integrations/microsoft-azure/azure-security-advisor/)
- [Azure Security - Defender for Cloud](/docs/integrations/microsoft-azure/azure-security-defender-for-cloud/)
- [Azure Security - Microsoft Defender for Endpoint](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/)
- [Azure Service Bus](/docs/integrations/microsoft-azure/azure-service-bus/)
- [Azure SQL](/docs/integrations/microsoft-azure/sql/)
- [Azure SQL Elastic Pool](/docs/integrations/microsoft-azure/azure-sql-elastic-pool/)
- [Azure SQL Managed Instance](/docs/integrations/microsoft-azure/azure-sql-managed-instance/)
- [Azure Storage](/docs/integrations/microsoft-azure/azure-storage/)
- [Azure Stream Analytics](/docs/integrations/microsoft-azure/azure-stream-analytics/)
- [Azure Synapse Analytics](/docs/integrations/microsoft-azure/azure-synapse-analytics/)
- [Azure Virtual Network](/docs/integrations/microsoft-azure/azure-virtual-network/)
- [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/)
- [Azure Web Apps](/docs/integrations/microsoft-azure/web-apps/)
Automation integration: [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad/)
Collectors:
- [Azure Blob Storage](/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs)
- [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/)
- [Migrating to Azure Event Hubs Cloud-to-Cloud Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration)
Webhook: [Webhook Connection for Microsoft Azure Functions](/docs/alerts/webhook-connections/microsoft-azure-functions/) | +| Thumbnail icon | [Azure](https://azure.microsoft.com/en-us) | Apps:
- [Azure Analysis Services](/docs/integrations/microsoft-azure/azure-analysis-services/)
- [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/)
- [Azure App Configuration](/docs/integrations/microsoft-azure/azure-app-configuration/)
- [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/)
- [Azure App Service Environment](/docs/integrations/microsoft-azure/azure-app-service-environment/)
- [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/)
- [Azure Audit](/docs/integrations/microsoft-azure/audit/)
- [Azure Automation](/docs/integrations/microsoft-azure/azure-automation/)
- [Azure Backup](/docs/integrations/microsoft-azure/azure-backup/)
- [Azure Batch](/docs/integrations/microsoft-azure/azure-batch/)
- [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/)
- [Azure Cognitive Search](/docs/integrations/microsoft-azure/azure-cognitive-search/)
- [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/)
- [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/)
- [Azure Cosmos DB for PostgreSQL](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/)
- [Azure Data Explorer](/docs/integrations/microsoft-azure/azure-data-explorer/)
- [Azure Data Factory](/docs/integrations/microsoft-azure/azure-data-factory/)
- [Azure Database for MariaDB](/docs/integrations/microsoft-azure/azure-database-for-mariadb/)
- [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/)
- [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/)
- [Azure Event Grid](/docs/integrations/microsoft-azure/azure-event-grid/)
- [Azure Event Hubs](/docs/integrations/microsoft-azure/azure-event-hubs/)
- [Azure Front Door](/docs/integrations/microsoft-azure/azure-front-door/)
- [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/)
- [Azure HDInsight](/docs/integrations/microsoft-azure/azure-hdinsight/)
- [Azure IoT Hub](/docs/integrations/microsoft-azure/azure-iot-hub/)
- [Azure Key Vault](/docs/integrations/microsoft-azure/azure-key-vault/)
- [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/)
- [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/)
- [Azure Logic App](/docs/integrations/microsoft-azure/azure-logic-app/)
- [Azure Machine Learning](/docs/integrations/microsoft-azure/azure-machine-learning/)
- [Azure Monitor Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source)
- [Azure Monitor Metrics](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/)
- [Azure Monitoring](/docs/send-data/collect-from-other-data-sources/azure-monitoring/)
- [Azure Network Interface](/docs/integrations/microsoft-azure/azure-network-interface/)
- [Azure Network Watcher](/docs/integrations/microsoft-azure/network-watcher/)
- [Azure Notification Hubs](/docs/integrations/microsoft-azure/azure-notification-hubs/)
- [Azure Public IP Addresses](/docs/integrations/microsoft-azure/azure-public-ipAddress/)
- [Azure Relay](/docs/integrations/microsoft-azure/azure-relay/)
- [Azure Security -Advisor](/docs/integrations/microsoft-azure/azure-security-advisor/)
- [Azure Security - Defender for Cloud](/docs/integrations/microsoft-azure/azure-security-defender-for-cloud/)
- [Azure Security - Microsoft Defender for Endpoint](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/)
- [Azure Security - Microsoft Defender for Office 365](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365)
- [Azure Service Bus](/docs/integrations/microsoft-azure/azure-service-bus/)
- [Azure SQL](/docs/integrations/microsoft-azure/sql/)
- [Azure SQL Elastic Pool](/docs/integrations/microsoft-azure/azure-sql-elastic-pool/)
- [Azure SQL Managed Instance](/docs/integrations/microsoft-azure/azure-sql-managed-instance/)
- [Azure Storage](/docs/integrations/microsoft-azure/azure-storage/)
- [Azure Stream Analytics](/docs/integrations/microsoft-azure/azure-stream-analytics/)
- [Azure Synapse Analytics](/docs/integrations/microsoft-azure/azure-synapse-analytics/)
- [Azure Virtual Network](/docs/integrations/microsoft-azure/azure-virtual-network/)
- [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/)
- [Azure Web Apps](/docs/integrations/microsoft-azure/web-apps/)
Automation integration: [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad/)
Collectors:
- [Azure Blob Storage](/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs)
- [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/)
- [Migrating to Azure Event Hubs Cloud-to-Cloud Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration)
Webhook: [Webhook Connection for Microsoft Azure Functions](/docs/alerts/webhook-connections/microsoft-azure-functions/) | ## B diff --git a/sidebars.ts b/sidebars.ts index fd6a65beb4..c72b1f7050 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -2237,10 +2237,10 @@ integrations: [ 'integrations/microsoft-azure/kubernetes', 'integrations/microsoft-azure/azure-security-advisor', 'integrations/microsoft-azure/azure-security-defender-for-cloud', + 'integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365', 'integrations/microsoft-azure/microsoft-defender-for-cloud-apps', 'integrations/microsoft-azure/microsoft-defender-for-endpoint', 'integrations/microsoft-azure/microsoft-defender-for-identity', - 'integrations/microsoft-azure/microsoft-defender-for-office-365', 'integrations/microsoft-azure/microsoft-dynamics365-customer-insights', 'integrations/microsoft-azure/microsoft-entra-id-protection', 'integrations/microsoft-azure/microsoft-purview-data-loss-prevention', From 329229d2cb9d3804fef8fd8e6a6f006f0041e420 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Sat, 20 Sep 2025 01:36:11 +0530 Subject: [PATCH 5/6] Update docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md Co-authored-by: John Pipkin (Sumo Logic) --- .../azure-security-microsoft-defender-for-office-365.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md index 326c22b9b1..013d15ba47 100644 --- a/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md +++ b/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365.md 
@@ -12,7 +12,7 @@ The Sumo Logic app for Azure Security – Microsoft Defender for Office 365 prov ## Log types -The Azure Security – Microsoft Defender for Office 365 app uses SumoLogic’s Microsoft Graph Security source to collect [Alerts](https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http) from the Microsoft Graph Security source. +The Azure Security – Microsoft Defender for Office 365 app uses SumoLogic’s Microsoft Graph Security source to collect [alerts](https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http) from the Microsoft Graph Security source. ### Sample log messages From 79474950529b3970ab271850b9246ae23c471652 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Sat, 20 Sep 2025 01:42:36 +0530 Subject: [PATCH 6/6] changed release date --- blog-service/{2025-09-22-apps.md => 2025-09-19-apps.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename blog-service/{2025-09-22-apps.md => 2025-09-19-apps.md} (100%) diff --git a/blog-service/2025-09-22-apps.md b/blog-service/2025-09-19-apps.md similarity index 100% rename from blog-service/2025-09-22-apps.md rename to blog-service/2025-09-19-apps.md