Sophos MDR integrations are now GA. Up-to-date documentation can be found at the following link: Microsoft Graph Security
You can set up a connector to add Microsoft Graph Security alerts to the Sophos Data Lake.
This lets you query Microsoft Graph data with Sophos Live Discover.
You must be an Admin or Super Admin to add or delete connectors.
Add a connector
To add a connector, do as follows:
- Go to Third-party Connectors.
- Click Microsoft Graph Security alerts.
- Click Add connector.
- Enter a Name and Description.
- You’re prompted to connect to your Microsoft 365 account. Click Continue.
- Select your Microsoft account and sign in to it.
- You’re prompted to give permissions to a Master App. These permissions let us create an app that will be used as a connector. Click Accept.
- If prompted, sign in to your Microsoft account.
- You’re prompted to give permissions to the newly-created Sophos XDR app so that it can run as the connector and get MS Graph Data for Sophos. Click Accept.
- You see confirmation that the connector is set up. Click Close.
- In the connectors list in Sophos Central, you see the new connector.
After five minutes, the connector synchronizes Sophos Data Lake with Microsoft Graph for the first time.
Sophos Data Lake is now receiving Microsoft Graph Security alerts.
Delete a connector
To delete a connector, do as follows:
- Go to Third-Party connectors.
- On the Third-Party connectors page, click Microsoft Graph Security alerts.
- Find the connector and turn it off. You can't delete the connector until you do this.
- Confirm that you want to turn off the connector.
- Click the trashcan icon next to the connector.
- Confirm that you want to delete the connector.