Microsoft 365 Defender

Integrating Microsoft 365 Defender With Blumira’s Cloud SIEM

Click here for the most updated version of this documentation.

Microsoft 365 Defender, formerly Office 365 Advanced Threat Protection, safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Blumira integrates with Microsoft 365 Defender to stream Office 365 cloud security event logs and alerts to the Blumira service for threat detection, alerting and actionable response.

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.

Configuring Microsoft 365 Defender

Before you begin

First, integrate Azure Event Hubs with Blumira by completing the steps in Integrating with Microsoft Azure Event Hubs.

Next, gather the Event Hub Name and the Resource ID of the Azure event hub namespace that you created for Blumira, which are in your Azure Event Hubs Namespace page > Properties menu.

Forwarding Microsoft Defender events to Blumira

To connect Microsoft 365 Defender to your Blumira event hub in Azure:

Log in to security.microsoft.com as a Global Admin.
Navigate to Settings.
Click Microsoft 365 Defender.
Click Streaming API.
Click Add.
Type a name for your new settings.
Click Forward events to Event Hubs.
Type your Blumira Event Hub Namespace Resource ID and Event Hub Name.
Select the event types you want to stream.
Click Save.