Microsoft Defender for Office 365 is Microsoft's detection engine for Office 365. It aggregates alerts from Microsoft's Office 365 services.
Integrating these alerts into Hunters lets you triage them and correlate them with other related threats.
Prerequisites
Microsoft Defender for Office 365 events are exported by Microsoft to Azure Blob Storage and consumed by Hunters from your storage. Complete the following steps to enable the export of events:
Enable the collection of Alert Evidence and Alert Info to the storage. Once data is exported, you should see the corresponding containers created and populated: insights-logs-advancedhunting-alertevidence and insights-logs-advancedhunting-alertinfo.
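
One way to confirm that both containers exist before pointing Hunters at the storage account. This is an added example, not part of the Hunters or Microsoft documentation. It assumes the Azure CLI is installed, you are logged in with read access to the account, and the storage account name is a placeholder you supply; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: check that the two export containers named above exist.

# Container names taken from this page.
EXPECTED_CONTAINERS="insights-logs-advancedhunting-alertevidence
insights-logs-advancedhunting-alertinfo"

# Reads container names (one per line) on stdin and prints every expected
# container that is absent. Exact, whole-line matching is used so that a
# similarly named container does not count as a match.
# Returns 0 when nothing is missing, 1 otherwise.
missing_containers() {
    local present
    local name
    local missing=0
    present="$(cat)"
    for name in $EXPECTED_CONTAINERS; do
        if ! printf '%s\n' "$present" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
            missing=1
        fi
    done
    return "$missing"
}

# Lists the containers of a storage account with the Azure CLI and checks
# them. If the listing fails, the input is empty and both names are reported.
check_storage_account() {
    local account="$1"   # placeholder: your storage account name
    az storage container list \
        --account-name "$account" \
        --auth-mode login \
        --query "[].name" --output tsv | missing_containers
}

# Usage (placeholder account name):
#   check_storage_account "<your-storage-account>" && echo "both containers present"
```

A container that exists but stays empty means the export is configured but no Alert Evidence or Alert Info events have been written yet.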