Sophos XDR: Integrate Microsoft 365
This step-by-step tutorial shows you how to integrate Microsoft 365 with Sophos Central.
This is a free integration available to Sophos MDR and Sophos XDR customers. Configuring this allows alerts to be sent directly to Sophos for faster identification, analysis, and response to potential security incidents.
**Captions generated by machine translation and may contain errors**
------
*Video Chapters*
00:00 Intro
00:11 Sophos XDR integration
00:31 Overview
01:08 Prerequisites
01:48 O365 Management Activity API
02:01 Add domain/IP info
02:30 Enable auditing
04:21 M365 Response Actions API
05:13 MS Graph Security API (Legacy)
06:11 MS Graph Security API V2
07:08 Outro
------
*Relevant Documentation*
Microsoft 365 Integrations
https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=MicrosoftIntegrations
Microsoft Defender XDR prerequisites
https://learn.microsoft.com/en-us/defender-xdr/prerequisites
Provide your domain and IP details
https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=my-domains
Live Discover
https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=LiveDiscover
Search the audit log
https://learn.microsoft.com/en-us/purview/audit-search?tabs=microsoft-purview-portal
Turn auditing on or off
https://learn.microsoft.com/en-us/purview/audit-log-enable-disable
Respond to cases
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Cases/AnalyzeCases/index.html#respond-to-cases
------
Ask questions and get expert answers in the Sophos Community. https://community.sophos.com
Watch more expert video tutorials. https://techvids.sophos.com
Follow and subscribe. https://www.youtube.com/@SophosCybersecurity