Abnormal Security Migration: Scope

Scope

In Scope

  • Abnormal Security API integration with M365

  • ESA decommission planning (MX record cutover so inbound mail no longer routes through the ESA)

  • Log source migration (retire the ESA syslog feed; ingest Abnormal events via its API into Sentinel)

  • Policy configuration (detection rules, auto-remediation)

  • User communication (phishing reporting workflow changes)

  • Integration with Sentinel analytics rules

Out of Scope

  • M365 tenant configuration (separate team)

  • Defender XDR deployment (separate project)

  • ISE — not affected by this migration

Dependencies

  • Microsoft Sentinel access (acquired 2026-04-01)

  • Monad ETL pipeline (for log transformation)

  • M365 Graph API permissions (require tenant admin consent)