Skip to Content

MC341683: Upcoming changes to Office 365 Management API events for Microsoft Defender for Office 365

Updated May 06, 2022: We have updated the rollout timeline below. Thank you for your patience.

Updated April 07, 2022: We have updated the rollout timeline below. Thank you for your patience.

In alignment with the permanent redirection of the Office 365 Security & Compliance Center (SCC), and as previously mentioned (MC320940 – Feb 2022), we will be updating the deeplinks for Microsoft Defender for Office 365 events in Office 365 management API and the Unified Audit logs.

MC341683: Upcoming changes to Office 365 Management API events for Microsoft Defender for Office 365

When this will happen

We will begin rolling this out in late May (previously late April) and expect to complete rollout late June (previously mid-June).

How this will affect your organization

As part of this change, deeplinks pointing to Office 365 Security & Compliance Center portal (protection.office.com) will start pointing to Microsoft 365 Defender portal (security.microsoft.com).

Note: There will be no change to any existing data attributes, recordtype or data audit structure. The only change that will happen is that the deeplink will start pointing to entities in security portal as compared to the Office 365 Security & Compliance Center portal.

This change will impact events with the following Recordtypes:

  • 28 – ThreatIntelligence
  • 40 – SecurityComplianceAlerts (Microsoft Defender for Office Plan 2 and above)
  • 47 – ThreatIntelligenceAtpContent
  • 64 – AirInvestigation

Example: The field EventDeepLink for Records with Recordtype 28 (ThreatIntelligence) would start pointing to security.microsoft.com, instead of protection.office.com. Once this change is implemented, the deeplinks which were earlier pointing to the Office 365 Security and Compliance portal (protection.office.com), will start pointing to the Microsoft 365 Defender portal (security.microsoft.com). There is no other change to the API itself, as well as the different data attributes that are published today.

What you need to do to prepare

You should evaluate your use of the event deeplinks and make sure that you update your playbooks and workflows to work within the Microsoft 365 Defender portal. If you are still working fully or partially out of the Office 365 Security & Compliance center, we recommend that you plan your transition, to avoid interrupted experiences.

Learn more

Message ID: MC341683
Published: 11 March 2022
Updated: 06 May 2022

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker