About the Microsoft Defender for Office 365 Integration
Microsoft Defender for Office 365 is Microsoft’s cloud-based email security and collaboration protection platform, providing advanced threat protection against phishing, business email compromise, malware, and malicious links across Microsoft 365 email, Teams, SharePoint, and OneDrive. As Synqly’s Email Security provider, Microsoft Defender for Office 365 enables security teams to access normalized email threat detections and security events through a standardized connector. Integrate with Microsoft Defender for Office 365 to route email security findings and threat detections into your SIEM, incident response, or security operations workflows for unified email threat visibility.
Integration Use Cases
Get Threat Details
Returns the details of the threat matching `{threatId}` from the token-linked Email Security provider. If the provider supports retrieving more detailed information about a threat, the response includes that additional information. Otherwise, the response includes only the basic information about the threat that the `query_threats` endpoint returns.
Query Email Events
Returns a list of email events matching the query from the token-linked Email Security provider. Defaults to the last 30 days of email events. This can be overridden by using the `time` filter. Note that some providers may have a maximum time range limit.
Query Threats
Returns a list of threats matching the query from the token-linked Email Security provider. Defaults to the last 30 days of threats. This can be overridden by using the `time` filter. Note that some providers may have a maximum time range limit. A threat is an automated detection that the Email Security provider deemed to be a threat.