Liongard Ideas Portal

Submit and upvote ideas to make Liongard better. You get 20 votes so vote wisely. 🙂

To learn more about our Ideas Portal, check out our FAQs.
To schedule a feedback session with a member of the Liongard Research Team, click here.

See what we've shipped by clicking here!

Collect holistic security alerting information from Office365 and Azure

are you familiar with Office365 Security Alerting? Things like "user has been granted access to a mailbox"? they're enabled by default to global admins, and can be further configured, and turns on/off, etc

great, so we've tried so many ways to centralize that reporting, we have gone in and configured each rule to send e-mails directly to our PSA, but the problem with that is that we have no way to assign those emails to a customer. Our PSA can only trigger on the subject or the sender, and there is no info in the subject that can tie it to a customer.The best we've been able to do is configure a mailbox under each client, and configure a forward rule to the PSA, but that requires a lot of manual work- modify the alerting rules on each tenant
- create a mailbox and forwarding rule on each tenant
- configure PSA
- update security rules whenever some new alert is foundgood news is there is an API for the Azure Security Center and for the Office365 Management Activitywe should be able to get this info into liongard!https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-referencehttps://docs.microsoft.com/en-us/rest/api/securitycenter/https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-service-communications-api-reference

  • Kent Calero
  • Nov 16 2020
  • Needs Review
  • Attach files