Integrate with Microsoft 365 to:
Datadog collects the following types audit logs:
Audit.GeneralAudit.ExchangeAudit.SharePointAudit.AzureActiveDirectoryDLP.AllUse the Datadog Microsoft 365 tile to install the integration.
Click Install a New Tenant. This directs you to login to your Microsoft 365 account for authorization. You must login with an admin account.
Optionally add comma separated custom tags that get attached to every log for this newly setup tenant, for e.g environment:prod,team:us. These tags can be used to filter/analyze logs.
Note: Your organization must have audit logging enabled to use Datadog audit logging.
The Microsoft 365 integration produces one log event per audit log. Collected logs are tagged with the source microsoft-365.
Datadog’s log intake only supports backdating log events up to 18 hours in the past. Log events with an earlier timestamp are discarded.
Datadog does not support GCC government, GCC High government, or DoD tenants, because they require different Microsoft endpoints.
Need help? Contact Datadog support.