Overview
Defender for Microsoft 365 is an add-on license that extends the security capabilities of Microsoft 365. The product was formerly known as Advanced Threat Protection. It gives organizations the ability to create policies to protect users, sandbox email attachments, use advanced threat-blocking capabilities, and more.
Before you begin
To receive Microsoft 365 Defender logs in Blumira, you must have the Microsoft Azure Event Hubs Module configured on a Blumira sensor. Integrate Azure Event Hubs with Blumira by completing the steps in Integrating with Microsoft Azure Event Hubs.
Next, gather the Event Hub Name and the Resource ID of the Azure event hub namespace that you created for Blumira, which are in your Azure Event Hubs Namespace page > Properties menu.
Forwarding Microsoft Defender events to Blumira
To connect Microsoft 365 Defender to your Blumira event hub in Azure:
- Log in to security.microsoft.com as a Global Admin.
- Navigate to Settings.
- Click Microsoft 365 Defender.
- Click Streaming API.
  Note: If the option for Streaming API is not available in your tenant, but you are licensed for Defender, this link will take you to the setting.
- Click Add.
- Type a name for your new settings.
- Click Forward events to Azure Event Hubs.
- Type your Blumira Event Hub Namespace Resource ID and Event Hub Name.
- Select the event types you want to stream.
- Click Save.
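A pre-flight check for the two values typed into the Streaming API form, as an added example that is not part of Blumira's or Microsoft's documentation. The function name, the name rules (taken from Azure's naming limits, as an assumption) and the sample values are constructed for illustration.

```python
import re

# Shape of an Azure Resource Manager ID for an Event Hubs *namespace*.
# Length and character rules are assumptions based on Azure naming limits.
_NAMESPACE_ID = re.compile(
    r"^/subscriptions/(?P<subscription>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
    r"/resourceGroups/(?P<resource_group>[^/]{1,90})"
    r"/providers/Microsoft\.EventHub"
    r"/namespaces/(?P<namespace>[A-Za-z][A-Za-z0-9-]{4,48}[A-Za-z0-9])"
    r"(?P<extra>/.*)?$",
    re.IGNORECASE,
)
# Event hub name: starts and ends alphanumeric, 1 to 256 characters.
_HUB_NAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9._-]{0,254}[A-Za-z0-9])?$")


def check_streaming_target(resource_id: str, hub_name: str) -> list[str]:
    """Return a list of problems; an empty list means both values look usable."""
    problems = []
    rid = resource_id.strip()
    if rid.lower().startswith("endpoint=sb://"):
        # A connection string carries a shared access key; the form asks for
        # the Resource ID, so a secret should never be pasted here.
        problems.append("resource ID field contains a connection string")
    else:
        match = _NAMESPACE_ID.match(rid)
        if match is None:
            problems.append("not an Event Hubs namespace Resource ID")
        elif match.group("extra"):
            # e.g. the ID of the event hub itself instead of its namespace
            problems.append("ID points below the namespace: " + match.group("extra"))
    if not _HUB_NAME.match(hub_name.strip()):
        problems.append("event hub name has invalid characters or length")
    return problems


# Constructed sample values, not taken from any real tenant.
SAMPLE_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000"
    "/resourceGroups/rg-security-example"
    "/providers/Microsoft.EventHub/namespaces/blumira-example-ns"
)

if __name__ == "__main__":
    print(check_streaming_target(SAMPLE_ID, "blumira-hub"))
    print(check_streaming_target(SAMPLE_ID + "/eventhubs/blumira-hub", "blumira-hub"))
```
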