diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml
index ea174eb581a..5a313aebbd0 100644
--- a/packages/o365/changelog.yml
+++ b/packages/o365/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Extend list of mapped record types
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3588
 - version: "1.5.1"
 changes:
 - description: Fix processing of ModifiedProperties when it is a list of strings
diff --git a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index d448aa15357..4920184ee0e 100644
--- a/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -67,6 +67,7 @@ processors:
 "3": "ExchangeItemGroup"
 "4": "SharePoint"
 "6": "SharePointFileOperation"
+ "7": "OneDrive"
 "8": "AzureActiveDirectory"
 "9": "AzureActiveDirectoryAccountLogon"
 "10": "DataCenterSecurityCmdlet"
@@ -75,7 +76,10 @@ processors:
 "13": "ComplianceDLPExchange"
 "14": "SharePointSharingOperation"
 "15": "AzureActiveDirectoryStsLogon"
+ "16": "SkypeForBusinessPSTNUsage"
+ "17": "SkypeForBusinessUsersBlocked"
 "18": "SecurityComplianceCenterEOPCmdlet"
+ "19": "ExchangeAggregatedOperation"
 "20": "PowerBIAudit"
 "21": "CRM"
 "22": "Yammer"
@@ -83,26 +87,84 @@ processors:
 "24": "Discovery"
 "25": "MicrosoftTeams"
 "28": "ThreatIntelligence"
+ "29": "MailSubmission"
 "30": "MicrosoftFlow"
 "31": "AeD"
 "32": "MicrosoftStream"
 "33": "ComplianceDLPSharePointClassification"
+ "34": "ThreatFinder"
 "35": "Project"
 "36": "SharePointListOperation"
+ "37": "SharePointCommentOperation"
 "38": "DataGovernance"
+ "39": "Kaizala"
 "40": "SecurityComplianceAlerts"
 "41": "ThreatIntelligenceUrl"
 "42": "SecurityComplianceInsights"
+ "43": "MIPLabel"
 "44": "WorkplaceAnalytics"
 "45": "PowerAppsApp"
+ "46": "PowerAppsPlan"
 "47": "ThreatIntelligenceAtpContent"
+ "48": "LabelContentExplorer"
 "49": "TeamsHealthcare"
+ "50": "ExchangeItemAggregated"
+ "51": "HygieneEvent"
 "52": "DataInsightsRestApiAudit"
+ "53": "InformationBarrierPolicyApplication"
 "54": "SharePointListItemOperation"
 "55": "SharePointContentTypeOperation"
 "56": "SharePointFieldOperation"
+ "57": "MicrosoftTeamsAdmin"
+ "58": "HRSignal"
+ "59": "MicrosoftTeamsDevice"
+ "60": "MicrosoftTeamsAnalytics"
+ "61": "InformationWorkerProtection"
+ "62": "Campaign"
+ "63": "DLPEndpoint"
 "64": "AirInvestigation"
+ "65": "Quarantine"
 "66": "MicrosoftForms"
+ "67": "ApplicationAudit"
+ "68": "ComplianceSupervisionExchange"
+ "69": "CustomerKeyServiceEncryption"
+ "70": "OfficeNative"
+ "71": "MipAutoLabelSharePointItem"
+ "72": "MipAutoLabelSharePointPolicyLocation"
+ "73": "MicrosoftTeamsShifts"
+ "75": "MipAutoLabelExchangeItem"
+ "76": "CortanaBriefing"
+ "78": "WDATPAlerts"
+ "82": "SensitivityLabelPolicyMatch"
+ "83": "SensitivityLabelAction"
+ "84": "SensitivityLabeledFileAction"
+ "85": "AttackSim"
+ "86": "AirManualInvestigation"
+ "87": "SecurityComplianceRBAC"
+ "88": "UserTraining"
+ "89": "AirAdminActionInvestigation"
+ "90": "MSTIC"
+ "91": "PhysicalBadgingSignal"
+ "93": "AipDiscover"
+ "94": "AipSensitivityLabelAction"
+ "95": "AipProtectionAction"
+ "96": "AipFileDeleted"
+ "97": "AipHeartBeat"
+ "98": "MCASAlerts"
+ "99": "OnPremisesFileShareScannerDlp"
+ "100": "OnPremisesSharePointScannerDlp"
+ "101": "ExchangeSearch"
+ "102": "SharePointSearch"
+ "103": "PrivacyInsights"
+ "105": "MyAnalyticsSettings"
+ "106": "SecurityComplianceUserChange"
+ "107": "ComplianceDLPExchangeClassification"
+ "109": "MipExactDataMatch"
+ "113": "MS365DCustomDetection"
+ "147": "CoreReportingSettings"
+ "148": "ComplianceConnector"
+ "174": "DataShareOperation"
+ "181": "EduDataLakeDownloadOperation"
 source: >
 def schemaId = ctx.o365audit.RecordType.toString();
 def schema = params[schemaId];
diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml
index ccb1b423ba1..b9b95e46c45 100644
--- a/packages/o365/manifest.yml
+++ b/packages/o365/manifest.yml
@@ -1,6 +1,6 @@
 name: o365
 title: Office 365 Logs
-version: 1.5.1
+version: 1.6.0
 release: ga
 description: Collect and parse event logs from Office 365 with Elastic Agent.
 type: integration
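Review bot: The extended map in the `@@ -83,26 +87,84 @@` hunk of ingest_pipeline/default.yml still has numeric gaps (74, 77, 79–81, 92, 104, 108, 110–112 and 114–146 among the visible keys), and the lookup `def schema = params[schemaId];` in the trailing context should return null for any of them. The script body continues outside the hunk, so what happens on a miss is not visible here. Please confirm that an event with an unmapped `o365audit.RecordType` keeps its numeric value and is still indexed, since detection rules or dashboards that filter on the record-type name would otherwise silently miss those events. A comment above the map would also help, for example `# Keys follow the AuditLogRecordType enumeration; IDs not listed here have no name mapping`, so that later omissions are easy to tell apart from IDs that were never assigned.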