Skip to Content

MC341683: Upcoming changes to Office 365 Management API events for Microsoft Defender for Office 365

Updated June 14, 2022: We have updated the rollout timeline below. Thank you for your patience.

Updated June 2, 2022: We have updated the rollout timeline below. Thank you for your patience.

Updated May 06, 2022: We have updated the rollout timeline below. Thank you for your patience.

Updated April 07, 2022: We have updated the rollout timeline below. Thank you for your patience.

In alignment with the permanent redirection of the Office 365 Security & Compliance Center (SCC), and as previously mentioned (MC320940 – Feb 2022), we will be updating the deeplinks for Microsoft Defender for Office 365 events in Office 365 management API and the Unified Audit logs.

MC341683: Upcoming changes to Office 365 Management API events for Microsoft Defender for Office 365

When this will happen

We will begin rolling this out in early August (previously late June) and expect to complete rollout late August (previously late July).

How this will affect your organization

As part of this change, deeplinks pointing to Office 365 Security & Compliance Center portal (protection.office.com) will start pointing to Microsoft 365 Defender portal (security.microsoft.com).

Note: There will be no change to any existing data attributes, recordtype or data audit structure. The only change that will happen is that the deeplink will start pointing to entities in security portal as compared to the Office 365 Security & Compliance Center portal.

This change will impact events with the following Recordtypes:

  • 28 – ThreatIntelligence
  • 40 – SecurityComplianceAlerts (Microsoft Defender for Office Plan 2 and above)
  • 47 – ThreatIntelligenceAtpContent
  • 64 – AirInvestigation

Example: The field EventDeepLink for Records with Recordtype 28 (ThreatIntelligence) would start pointing to security.microsoft.com, instead of protection.office.com. Once this change is implemented, the deeplinks which were earlier pointing to the Office 365 Security and Compliance portal (protection.office.com), will start pointing to the Microsoft 365 Defender portal (security.microsoft.com). There is no other change to the API itself, as well as the different data attributes that are published today.

What you need to do to prepare

You should evaluate your use of the event deeplinks and make sure that you update your playbooks and workflows to work within the Microsoft 365 Defender portal. If you are still working fully or partially out of the Office 365 Security & Compliance center, we recommend that you plan your transition, to avoid interrupted experiences.

Learn more

Message ID: MC341683
Published: 11 March 2022
Updated: 02 June 2022

Posted on  - Last updated:

Home > MC341683: Upcoming changes to Office 365 Management API events for Microsoft Defender for Office 365

Tags

Tags

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.