Microsoft 365 Audit General and DLP

A Microsoft Sentinel data connector solution for ingesting M365 audit logs and DLP events via the Codeless Connector Platform (CCP).

v3.0.0

About

This solution provides two codeless connectors (CCP) that ingest Microsoft 365 audit logs from the Office 365 Management Activity API into a shared 321-column custom table (M365AuditGeneral_CL) in Microsoft Sentinel.

Audit.General — 29 specialty workloads: Copilot & AI, Power BI, Viva suite, Security & Compliance, eDiscovery, Defender for Office 365, Attack Simulation, Microsoft Sentinel platform, and more
Audit.DLP — Data loss prevention (DLP) events in Microsoft Purview available for Exchange Online, Endpoint (devices), and SharePoint and OneDrive

Events from workloads that have dedicated Sentinel connectors (Teams, Exchange, SharePoint, Entra ID, Dynamics 365, Purview Information Protection) are filtered out to avoid duplication.

Support

This is a partner-supported solution. For bug reports, feature requests, or questions, please open an issue on GitHub.

Search existing issues or create a new one to get help.

Open an Issue on GitHub

Microsoft 365 Audit General and DLP

About

Support

Resources

GitHub Repository

Release Notes

Sentinel Docs

M365 Management API