Microsoft 365

Microsoft 365

Crawler Crawler

Overview

Integrate with Microsoft 365 to:

  • View and parse your audit logs using Datadog’s logging product
  • Set monitors on events from your Microsoft 365 platform
  • Leverage the Datadog suite of security tools to set security rules

Datadog collects the following types audit logs:

  • Audit.General
  • Audit.Exchange
  • Audit.SharePoint
  • Audit.AzureActiveDirectory
  • DLP.All

Setup

Installation

Use the Datadog Microsoft 365 tile to install the integration.

Click Install a New Tenant. This directs you to login to your Microsoft 365 account for authorization. You must login with an admin account.

Optionally add comma separated custom tags that get attached to every log for this newly setup tenant, for e.g environment:prod,team:us. These tags can be used to filter/analyze logs.

Note: Your organization must have audit logging enabled to use Datadog audit logging.

Data Collected

Logs

The Microsoft 365 integration produces one log event per audit log. Collected logs are tagged with the source microsoft-365.

Troubleshooting

Datadog’s log intake only supports backdating log events up to 18 hours in the past. Log events with an earlier timestamp are discarded.

Datadog does not support GCC government, GCC High government, or DoD tenants, because they require different Microsoft endpoints.

Need help? Contact Datadog support.