Microsoft provided a powerful new Azure Sentinel Workbook: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-azure-sentinel-zero-trust-tic3-0-workbook/ba-p/2315195
As shown in the screenshot, it is always possible to jump from the Zero Trust (TIC3.0) Workbook to the underlying KQL Querrey in order to evaluate further details.Whether data can be viewed from the tenant depends on which services are included in Azure Sentinel. Example:
Microsoft Teams & Zero Trust (TIC3.0) WorkbookWith the "Unified Communications & Collaboration" filter, the focus of the Workbook is among other things on the Microsoft Teams service. Here, recommendations and details of a Zero Trust strategy are now also displayed as well as data on the tenant:
The focus is not only on the SaaS solutions around Office 365; with the connectors that can be integrated into Azure Sentinel, a comprehensive overall picture is easily possible.