Upcoming changes to Office 365 Management API events for Microsoft Defender for Office 365
In alignment with the permanent redirection of the Office 365 Security & Compliance Center (SCC), and as previously mentioned (MC320940 – Feb 2022), we will be updating the deeplinks for Microsoft Defender for Office 365 events in the Office 365 Management API and the Unified Audit logs.
When this will happen:
We will begin rolling this out in early April and expect to complete the rollout in late May.
How this will affect your organization:
As part of this change, deeplinks pointing to the Office 365 Security & Compliance Center portal (protection.office.com) will start pointing to the Microsoft 365 Defender portal (security.microsoft.com).
Note: There will be no change to any existing data attributes, recordtype or data audit structure. The only change is that the deeplink will start pointing to entities in the Microsoft 365 Defender portal instead of the Office 365 Security & Compliance Center portal.
This change will impact events with the following Recordtypes:
- 28 – ThreatIntelligence
- 40 – SecurityComplianceAlerts (Microsoft Defender for Office Plan 2 and above)
- 47 – ThreatIntelligenceAtpContent
- 64 – AirInvestigation
Example: The EventDeepLink field for records with Recordtype 28 (ThreatIntelligence) will start pointing to security.microsoft.com instead of protection.office.com. Once this change is implemented, deeplinks that previously pointed to the Office 365 Security and Compliance portal (protection.office.com) will point to the Microsoft 365 Defender portal (security.microsoft.com). There is no other change to the API itself or to the data attributes that are published today.
What you need to do to prepare:
You should evaluate your use of the event deeplinks and make sure that you update your playbooks and workflows to work within the Microsoft 365 Defender portal. If you are still working fully or partially out of the Office 365 Security & Compliance Center, we recommend that you plan your transition to avoid interrupted experiences.
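One way to evaluate deeplink usage during the rollout, as an added example that is not Microsoft's code: it inventories, per affected record type, which fields of already-ingested events carry a portal deeplink and which portal host each one uses. It assumes events are available as parsed JSON objects with a numeric `RecordType`; the sample records, their ids and URL paths are constructed placeholders.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Record types and portal hosts named in the notice.
AFFECTED = {28: "ThreatIntelligence", 40: "SecurityComplianceAlerts",
            47: "ThreatIntelligenceAtpContent", 64: "AirInvestigation"}
OLD_HOST, NEW_HOST = "protection.office.com", "security.microsoft.com"

def portal_links(value, path=""):
    """Yield (field_path, host) for every string value that is a portal URL."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from portal_links(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from portal_links(item, f"{path}[{index}]")
    elif isinstance(value, str) and value.lower().startswith("https://"):
        # Compare the parsed hostname exactly; a substring match would also
        # accept look-alike hosts such as the third sample record below.
        host = (urlsplit(value).hostname or "").lower()
        if host in (OLD_HOST, NEW_HOST):
            yield path, host

def inventory(records):
    """Count deeplinks per (record type name, field path, host)."""
    counts = Counter()
    for record in records:
        name = AFFECTED.get(record.get("RecordType"))
        if name is None:
            continue  # record type not covered by the notice
        for field, host in portal_links(record):
            counts[(name, field, host)] += 1
    return counts

# Constructed sample records; ids and URL paths are placeholders.
SAMPLE = json.loads("""[
 {"RecordType": 28, "Id": "sample-1",
  "EventDeepLink": "https://protection.office.com/placeholder?id=1"},
 {"RecordType": 28, "Id": "sample-2",
  "EventDeepLink": "https://security.microsoft.com/placeholder?id=2"},
 {"RecordType": 28, "Id": "sample-3",
  "EventDeepLink": "https://protection.office.com.example.net/placeholder"},
 {"RecordType": 15, "Id": "sample-4",
  "EventDeepLink": "https://protection.office.com/placeholder?id=4"}
]""")

if __name__ == "__main__":
    for (name, field, host), n in sorted(inventory(SAMPLE).items()):
        status = "old portal" if host == OLD_HOST else "new portal"
        print(f"{name:30} {field:15} {host:25} {status} x{n}")
```

Fields that still report the old host after the rollout completes, or playbook rules that match on `protection.office.com`, are the places to update.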
Message ID: MC341683