Microsoft Defender for Office 365 GCC
This integration is a part of other Microsoft integrations (MS Sentinel and Microsoft Defender for Endpoint GCC). This integration focuses on email threat security events and alerts.
Microsoft Defender for Office 365 GCC is a cloud-based email filtering service that helps protect your organization against advanced threats delivered via email and collaboration tools, like phishing, business email compromise, and malware attacks. In Cisco XDR, we enable Defender for Office 365 GCC users to leverage email intelligence and detections while performing incident investigations and threat hunting.
Use the Microsoft Defender for Office 365 GCC integration to search for security detections and associated indicators, reputations, and references, involving specified email addresses, URLs, email subjects, message IDs, IPs, domains, or file hashes.
These workflows are built into Cisco XDR automation and can be used with this integration. These are different from installable workflows, which are optional workflows you can install from Cisco and its partners.
These actions can be used in Cisco XDR automation to build workflows for this product. Workflows can help you automate how you investigate, respond to incidents, and more.