Added Preview tag for data connector of MDO365

Solutions/Microsoft Defender for Office 365/Data Connectors/template_OfficeATP.JSON

@@ -1,6 +1,6 @@
 {
     "id": "OfficeATP",
-    "title": "Microsoft Defender for Office 365",
+    "title": "Microsoft Defender for Office 365 (Preview)",
     "publisher": "Microsoft",
     "logo": "Office365Logo.svg",
     "descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n-   A potentially malicious URL click was detected \n-   Email messages containing malware removed after delivery\n-   Email messages containing phish URLs removed after delivery\n-   Email reported by user as malware or phish \n-   Suspicious email sending patterns detected \n-   User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
@@ -94,4 +94,4 @@
             ]
         }
     ]
-}
+}

Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json

@@ -17,7 +17,7 @@
     "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockSpamDomain/azuredeploy.json"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel",
-  "Version": "2.0.1",
+  "Version": "3.0.0",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1PConnector": true

Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json

@@ -44,37 +44,37 @@
     "_solutionVersion": "3.0.0",
     "solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderforo365",
     "_solutionId": "[variables('solutionId')]",
-    "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
     "uiConfigId1": "OfficeATP",
     "_uiConfigId1": "[variables('uiConfigId1')]",
     "dataConnectorContentId1": "OfficeATP",
     "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
     "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
     "_dataConnectorId1": "[variables('dataConnectorId1')]",
-    "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))),variables('dataConnectorVersion1')))]",
+    "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
     "dataConnectorVersion1": "1.0.0",
     "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
     "workbookVersion1": "1.0.0",
     "workbookContentId1": "MicrosoftDefenderForOffice365",
     "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
-    "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))),variables('workbookVersion1')))]",
+    "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]",
     "_workbookContentId1": "[variables('workbookContentId1')]",
+    "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
     "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
     "O365_Defender_FunctionAppConnector": "O365_Defender_FunctionAppConnector",
     "_O365_Defender_FunctionAppConnector": "[variables('O365_Defender_FunctionAppConnector')]",
     "TemplateEmptyArray": "[json('[]')]",
     "playbookVersion1": "1.0",
     "playbookContentId1": "O365_Defender_FunctionAppConnector",
     "_playbookContentId1": "[variables('playbookContentId1')]",
-    "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-fa-',uniquestring(variables('_playbookContentId1'))),variables('playbookVersion1')))]",
+    "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-fa-',uniquestring(variables('_playbookContentId1'))))]",
     "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','fa','-', uniqueString(concat(variables('_solutionId'),'-','AzureFunction','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]",
     "o365-BlockMalwareFileExtension": "o365-BlockMalwareFileExtension",
     "_o365-BlockMalwareFileExtension": "[variables('o365-BlockMalwareFileExtension')]",
     "playbookVersion2": "1.0",
     "playbookContentId2": "o365-BlockMalwareFileExtension",
     "_playbookContentId2": "[variables('playbookContentId2')]",
     "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]",
-    "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))),variables('playbookVersion2')))]",
+    "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]",
     "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]",
     "blanks": "[replace('b', 'b', '')]",
     "o365-BlockSender": "o365-BlockSender",
@@ -83,23 +83,23 @@
     "playbookContentId3": "o365-BlockSender",
     "_playbookContentId3": "[variables('playbookContentId3')]",
     "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]",
-    "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))),variables('playbookVersion3')))]",
+    "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]",
     "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]",
     "o365-BlockSender-EntityTrigger": "o365-BlockSender-EntityTrigger",
     "_o365-BlockSender-EntityTrigger": "[variables('o365-BlockSender-EntityTrigger')]",
     "playbookVersion4": "1.0",
     "playbookContentId4": "o365-BlockSender-EntityTrigger",
     "_playbookContentId4": "[variables('playbookContentId4')]",
     "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]",
-    "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))),variables('playbookVersion4')))]",
+    "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]",
     "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]",
     "o365-BlockSpamDomain": "o365-BlockSpamDomain",
     "_o365-BlockSpamDomain": "[variables('o365-BlockSpamDomain')]",
     "playbookVersion5": "1.0",
     "playbookContentId5": "o365-BlockSpamDomain",
     "_playbookContentId5": "[variables('playbookContentId5')]",
     "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]",
-    "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))),variables('playbookVersion5')))]",
+    "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]",
     "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]",
     "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
   },
@@ -129,7 +129,7 @@
               "properties": {
                 "connectorUiConfig": {
                   "id": "[variables('_uiConfigId1')]",
-                  "title": "Microsoft Defender for Office 365",
+                  "title": "Microsoft Defender for Office 365 (Preview)",
                   "publisher": "Microsoft",
                   "descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n-   A potentially malicious URL click was detected \n-   Email messages containing malware removed after delivery\n-   Email messages containing phish URLs removed after delivery\n-   Email reported by user as malware or phish \n-   Suspicious email sending patterns detected \n-   User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
                   "graphQueries": [
@@ -235,7 +235,7 @@
       "kind": "StaticUI",
       "properties": {
         "connectorUiConfig": {
-          "title": "Microsoft Defender for Office 365",
+          "title": "Microsoft Defender for Office 365 (Preview)",
           "publisher": "Microsoft",
           "descriptionMarkdown": "Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Microsoft Defender for Office 365 alerts into Microsoft Sentinel, you can incorporate information about email- and URL-based threats into your broader risk analysis and build response scenarios accordingly.\n \nThe following types of alerts will be imported:\n\n-   A potentially malicious URL click was detected \n-   Email messages containing malware removed after delivery\n-   Email messages containing phish URLs removed after delivery\n-   Email reported by user as malware or phish \n-   Suspicious email sending patterns detected \n-   User restricted from sending email \n\nThese alerts can be seen by Office customers in the ** Office Security and Compliance Center**.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219942&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
           "graphQueries": [
@@ -3289,11 +3289,11 @@
         "contentSchemaVersion": "3.0.0",
         "displayName": "Microsoft Defender for Office 365",
         "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
-        "descriptionHtml": "<p><strong>Note:</strong> <em>Please refer to the following before installing the solution: \r \n • Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Office%20365/ReleaseNotes.md\">Release Notes</a>\r \n • There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution.</em></p>\n<p>The <a href=\"https://www.microsoft.com/security/business/threat-protection/office-365-defender\">Microsoft Defender for Office 365</a> solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution  is dependent on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal\">Codeless Connector Platform/Native Sentinel Polling</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Function Apps:</strong> 1, <strong>Playbooks:</strong> 4</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p>The <a href=\"https://www.microsoft.com/security/business/threat-protection/office-365-defender\">Microsoft Defender for Office 365</a> solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution  is dependent on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal\">Codeless Connector Platform/Native Sentinel Polling</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Function Apps:</strong> 1, <strong>Playbooks:</strong> 4</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
-        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\" height=\"75px\">",
+        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/office365_logo.svg\"width=\"75px\" height=\"75px\">",
         "contentId": "[variables('_solutionId')]",
         "parentId": "[variables('_solutionId')]",
         "source": {
@@ -3365,4 +3365,4 @@
     }
   ],
   "outputs": {}
-}
+}