Managed Sentinel – Alert 085

Alert ID: MS-A085
Alert Name: Silent OfficeActivity Workload
Description: This alert is triggered when an Office 365 workload such as Exchange, SharePoint, OneDrive, etc. has not generated logs in the last 1 hour.
Version: 1.0
Severity Level: Informational
Threat Indicator: System monitoring impact
MITRE ATT&CK Tactics: Execution
Log sources: Office 365
False Positives:
Recommendations:
1. The customer needs to investigate whether the Office 365 Data Connector in Azure Sentinel is stopped or misconfigured.
2. Follow up with the Microsoft technical support team to notify them that O365 logging has stopped working.
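
The condition in the Description can be expressed as a KQL query over the `OfficeActivity` table. This is an added example, not Managed Sentinel's own rule; the 7-day baseline window and the list of expected workloads are assumptions to adjust per tenant.

```kql
// Added example, not the vendor's rule.
// Assumptions: 7d baseline window, 1h silence threshold (from the Description).
let baseline = 7d;
let silence_threshold = 1h;
// Constructed list of workloads expected to report; match it to the
// record types enabled on the Office 365 data connector.
let expected = datatable(OfficeWorkload:string) ["Exchange", "SharePoint", "OneDrive"];
expected
| join kind=leftouter (
    OfficeActivity
    | where TimeGenerated > ago(baseline)
    // Most recent event and event volume per workload in the baseline window
    | summarize LastLog = max(TimeGenerated), EventsInBaseline = count() by OfficeWorkload
  ) on OfficeWorkload
| extend SilentFor = now() - LastLog
// isnull(LastLog): the workload produced nothing in the whole baseline window,
// which a plain summarize over OfficeActivity alone would never surface.
| where isnull(LastLog) or SilentFor > silence_threshold
| project OfficeWorkload, LastLog, SilentFor, EventsInBaseline
```

A row with an empty `LastLog` means the workload has been silent for the entire baseline window, which points at the connector configuration rather than a recent outage.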