https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/575093#M5985 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/262549">@RajeshPremSingh</a>&nbsp;,</P> <P>&nbsp;</P> <P><SPAN>&nbsp;Thank you for reaching out to our Live Community.</SPAN></P> <P><SPAN>Integrating O365 API with Cortex XDR means, you will be ingesting logs from O365 to Cortex.<SPAN class="phrase">Cortex XDR</SPAN>&nbsp;can ingest the following logs and data from Microsoft Office 365 Management Activity API and Microsoft Graph API using the&nbsp;<SPAN class="guilabel">Office 365</SPAN>&nbsp;data collector. Cortex XDR as a tool, will not take any action.</SPAN></P> <P>&nbsp;</P> <P><SPAN>efore you can collect Microsoft Office 365 emails, you need to setup a compliance email account, and then configure an&nbsp;<A class="link ft-external-link" href="https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules" target="_blank" rel="noopener">Email Flow Rule</A>. This rule ensures to Blind carbon copy (Bcc) every message sent to, from, and within the organization to a defined compliance mailbox. After the Office 365 data collector ingests the emails, they are deleted from the compliance mailbox to prevent email from building up over time (nothing touches the actual users’ mailboxes).</SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Microsoft-Office-365" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Microsoft-Office-365</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 31 Jan 2024 14:44:56 GMT aspatil 2024-01-31T14:44:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/575087#M5982 <P>hi</P> <P>&nbsp;</P> <P>&nbsp;we integrated o365 API with cortex we have concern&nbsp;</P> <P>what it will do it will do anything?</P> <P>what is the use compliance mail it block spam or malicious attachment&nbsp;</P> Wed, 31 Jan 2024 13:19:36 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/575087#M5982 RajeshPremSingh 2024-01-31T13:19:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/575093#M5985 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/262549">@RajeshPremSingh</a>&nbsp;,</P> <P>&nbsp;</P> <P><SPAN>&nbsp;Thank you for reaching out to our Live Community.</SPAN></P> <P><SPAN>Integrating O365 API with Cortex XDR means, you will be ingesting logs from O365 to Cortex.<SPAN class="phrase">Cortex XDR</SPAN>&nbsp;can ingest the following logs and data from Microsoft Office 365 Management Activity API and Microsoft Graph API using the&nbsp;<SPAN class="guilabel">Office 365</SPAN>&nbsp;data collector. Cortex XDR as a tool, will not take any action.</SPAN></P> <P>&nbsp;</P> <P><SPAN>efore you can collect Microsoft Office 365 emails, you need to setup a compliance email account, and then configure an&nbsp;<A class="link ft-external-link" href="https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules" target="_blank" rel="noopener">Email Flow Rule</A>. This rule ensures to Blind carbon copy (Bcc) every message sent to, from, and within the organization to a defined compliance mailbox. After the Office 365 data collector ingests the emails, they are deleted from the compliance mailbox to prevent email from building up over time (nothing touches the actual users’ mailboxes).</SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Microsoft-Office-365" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Microsoft-Office-365</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 31 Jan 2024 14:44:56 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/575093#M5985 aspatil 2024-01-31T14:44:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/575853#M6019 <P>Sry this thing i can read from document&nbsp; i need more info what the thing can do&nbsp; and how to create compliance mail</P> Sat, 03 Feb 2024 08:33:05 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/575853#M6019 RajeshPremSingh 2024-02-03T08:33:05Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/583625#M6501 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/308232">@aspatil</a>&nbsp;,</P> <P>Once ingesting the o365 email logs to cortex XDR, is it can be doing any action? for example detecting URLs, attachments, or recipients' domains.</P> <P>if it is malicious is cortex block the URL, attachment or Domain?</P> <P>&nbsp;</P> Sun, 14 Apr 2024 01:04:18 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/583625#M6501 PoojalaSreenadh 2024-04-14T01:04:18Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/588042#M6742 <P>How can we ensure that the emails are deleted from the compliance mailbox after&nbsp;<SPAN>Office 365 data collector ingests the emails?<BR />Is there a suggested email flow rule that specify a timeline like every hour cleanup?</SPAN></P> Tue, 28 May 2024 02:43:19 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-o365-compliance-email/m-p/588042#M6742 Dopamine09 2024-05-28T02:43:19Z