Sophos MDR integrations are now GA, up to date documentation can be found at the following link: Microsoft
Each of the Sophos products provide detection and audit information available in the data lake. The Sophos XDR product includes two additional integrations for Microsoft at no additional charge.
Microsoft - Office 365 Management Activity Office 365 Management Activity includes information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs.
Office 365 Management activity provides audit information on user, and admin activity related to authentication, email notifications, and changes to policy. This integration is valuable for threat hunters to better understand detections from other integrations and from the Microsoft Graph Security API.
Microsoft - Graph Security API Adds security alerts from Microsoft and Microsoft partner products to the Sophos Data Lake.