PARTNER

Microsoft Defender for Office 365

Microsoft | Email Security

About the Microsoft Defender for Office 365 Integration

Microsoft Defender for Office 365 is Microsoft’s cloud-based email security and collaboration protection platform, providing advanced threat protection against phishing, business email compromise, malware, and malicious links across Microsoft 365 email, Teams, SharePoint, and OneDrive. As Synqly’s Email Security provider, Microsoft Defender for Office 365 enables security teams to access normalized email threat detections and security events through a standardized connector. Integrate with Microsoft Defender for Office 365 to route email security findings and threat detections into your SIEM, incident response, or security operations workflows for unified email threat visibility.

Integration Use Cases

Get Threat Details

Returns the details of the threat matching `{threatId}` from the token-linked Email Security provider. If a provider allows for the gathering of more detailed information about a threat, the response will include the additional information. Otherwise, the response will only include the basic information about the threat returned by the `query_threats` endpoint.

Query Email Events

Returns a list of email events matching the query from the token-linked Email Security provider. Defaults to the last 30 days of email events. This can be overridden by using the `time` filter. Note that some providers may have a maximum time range limit.

Query Threats

Returns a list of threats matching the query from the token-linked Email Security provider. Defaults to the last 30 days of threats. This can be overridden by using the `time` filter. Note that some providers may have a maximum time range limit. A threat is an automated detection that was deemed to be a threat by the Email Security provider.

Integration Resources