diff --git a/tools/config/generic/m365.yml b/tools/config/generic/m365.yml
new file mode 100644
index 000000000..51e08af6e
--- /dev/null
+++ b/tools/config/generic/m365.yml
@@ -0,0 +1,7 @@
+title: Microsoft 365 Rules
+order: 10
+ThreatManagement:
+   product: m365
+   category: ThreatManagement
+   conditions:
+       eventSource: SecurityComplianceCenter