https://store-images.s-microsoft.com/image/apps.9731.51769e19-eb10-425a-8128-43beac6ea722.06dc8fff-5d2a-4094-9569-3a607ac7d2e7.de55bc2d-d8ae-4e29-8f91-08794f485987

Azure Sentinel - Continuous Threat Monitoring for Dynamics 365 (Preview)

Microsoft Corporation

Azure Sentinel - Continuous Threat Monitoring for Dynamics 365 (Preview)

Microsoft Corporation

Use Azure Sentinel to monitor and protect Dynamics 365

The Dynamics 365 continuous Threat Monitoring with Azure Sentinel solution provides you with ability to collect Dynamics 365 logs, gain visibility of activities within Dynamics 365 and analyze them to detect threats and malicious activities.

The solution includes four elements:
  1. Data connector*: 
    • The Dynamics 365 Common Data Service (CDS) activities connector provides insight into admin, user, and support activities, as well as Microsoft Social Engagement logging events. By connecting Dynamics 365 CRM logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process. This new Azure Sentinel connector collects the Dynamics CDS data from the Office Management API. 
  2. Analytic rules detecting:
    • Mass export of Dynamics 365 records to Excel
    • Bulk retrieval of data outside of normal activity hours
    • Suspicious changes to Dynamics 365 encryption settings
    • Suspicious Dynamics 365 admin activities
    • New users agents accessing Dynamics 365
  3. Workbook dashboard providing visibility into:
    • Record retrieval events
    • Record deletion events
    • Record export events
    • Email events
    • Other events
  4. Threat hunting queries:
    • Dynamics 365 Activity After Azure AD Alerts 
    • Dynamics 365 Activity After Failed Logons 

* Currently the data connector is located in the data connectors gallery and should be enabled from there
https://store-images.s-microsoft.com/image/apps.63673.51769e19-eb10-425a-8128-43beac6ea722.06dc8fff-5d2a-4094-9569-3a607ac7d2e7.b8b47d43-ee00-497d-8de6-42bd6dc2e66b
https://store-images.s-microsoft.com/image/apps.63673.51769e19-eb10-425a-8128-43beac6ea722.06dc8fff-5d2a-4094-9569-3a607ac7d2e7.b8b47d43-ee00-497d-8de6-42bd6dc2e66b