
MC341683: Upcoming changes to Office 365 Management API events for Microsoft Defender for Office 365

Updated June 14, 2022: We have updated the rollout timeline below. Thank you for your patience.

Updated June 2, 2022: We have updated the rollout timeline below. Thank you for your patience.

Updated May 06, 2022: We have updated the rollout timeline below. Thank you for your patience.

Updated April 07, 2022: We have updated the rollout timeline below. Thank you for your patience.

In alignment with the permanent redirection of the Office 365 Security & Compliance Center (SCC), and as previously mentioned (MC320940 – Feb 2022), we will be updating the deeplinks for Microsoft Defender for Office 365 events in the Office 365 Management API and the Unified Audit logs.

When this will happen

We will begin rolling this out in early August (previously late June) and expect to complete rollout late August (previously late July).

How this will affect your organization

As part of this change, deeplinks pointing to Office 365 Security & Compliance Center portal (protection.office.com) will start pointing to Microsoft 365 Defender portal (security.microsoft.com).

Note: There will be no change to any existing data attributes, recordtype or data audit structure. The only change is that the deeplink will point to entities in the Microsoft 365 Defender portal instead of the Office 365 Security & Compliance Center portal.

This change will impact events with the following Recordtypes:

  • 28 – ThreatIntelligence
  • 40 – SecurityComplianceAlerts (Microsoft Defender for Office Plan 2 and above)
  • 47 – ThreatIntelligenceAtpContent
  • 64 – AirInvestigation

Example: The EventDeepLink field for records with Recordtype 28 (ThreatIntelligence) will point to security.microsoft.com instead of protection.office.com. Once this change is implemented, deeplinks that previously pointed to the Office 365 Security and Compliance portal (protection.office.com) will point to the Microsoft 365 Defender portal (security.microsoft.com). There is no other change to the API itself or to the data attributes that are published today.

What you need to do to prepare

You should evaluate your use of the event deeplinks and make sure that you update your playbooks and workflows to work within the Microsoft 365 Defender portal. If you are still working fully or partially out of the Office 365 Security & Compliance Center, we recommend that you plan your transition to avoid interrupted experiences.
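
One way to audit which portal your ingested events link to during the rollout, as an added example that is not part of the original notice or Microsoft's code. It assumes records are already decoded from JSON with a numeric `RecordType`; the field `HypotheticalDetails`, the sample Ids and the URL paths are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Record types the notice lists as affected.
AFFECTED_RECORD_TYPES = {28, 40, 47, 64}
OLD_HOST = "protection.office.com"   # Office 365 Security & Compliance Center
NEW_HOST = "security.microsoft.com"  # Microsoft 365 Defender portal
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def iter_strings(value, path=""):
    """Yield (path, string) for every string nested in a decoded JSON value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{index}]")

def classify_deeplinks(record):
    """Return [(field_path, portal, url)] for portal links in an affected record."""
    if record.get("RecordType") not in AFFECTED_RECORD_TYPES:
        return []
    found = []
    for path, text in iter_strings(record):
        for url in URL_RE.findall(text):
            host = (urlsplit(url).hostname or "").lower()
            # Exact host comparison: a substring test would also accept look-alike hosts.
            if host == OLD_HOST:
                found.append((path, "scc", url))
            elif host == NEW_HOST:
                found.append((path, "defender", url))
    return found

def summarize(records):
    # Count deep links per portal so rollout progress can be tracked.
    return dict(Counter(p for r in records for _, p, _ in classify_deeplinks(r)))

# Constructed sample records; Ids and URL paths are placeholders, not real portal routes.
SAMPLE_RECORDS = [
    {"Id": "s1", "RecordType": 28, "EventDeepLink": "https://protection.office.com/placeholder?id=1"},
    {"Id": "s2", "RecordType": 28, "EventDeepLink": "https://security.microsoft.com/placeholder?id=2"},
    {"Id": "s3", "RecordType": 64, "HypotheticalDetails": '{"link": "https://security.microsoft.com/placeholder"}'},
    {"Id": "s4", "RecordType": 28, "EventDeepLink": "https://protection.office.com.example.invalid/x"},
    {"Id": "s5", "RecordType": 15, "EventDeepLink": "https://protection.office.com/placeholder"},  # not affected
]
```

Playbooks that validate or allowlist the deeplink host before following it should accept both hosts until `summarize` reports no remaining `scc` links for your tenant.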

Learn more

Message ID: MC341683
Published: 11 March 2022
Updated: 02 June 2022
