Auditing Activities in the Azure & Office 365 Cloud

12 בJuly 2016

אין תגובות
Nowadays, when many of our infrastructure services are in the cloud, one of the most important and security critical benefits must be the ability to monitor users and admins behavior.

Microsoft Azure and Office 365 offer a set of tools for that purpose alone in the Security & Compliance Admin Center.

Security & Compliance

When we open the Reports section, we’ll find there an option to view all the reports. There will be 3 auditing reports including Office 365 Audit Log, Azure AD Reports and Exchange Audit Reports.

View reports - Security & Compliance

Office 365 Audit Log:

By clicking on this audit report you will be redirected (on the same admin page) to Search & Investigation –> Audit Log Search.

You will have to enable the search in your organization to be able to see the audit logs by clicking on “Start recording user and admin activities”:

Security & Compliance2

And now, beginning from the time you’ve clicked this link, every activity performed by a user or an admin will be subject to auditing.

Note: In order to search Exchange mailbox activities, you’ll have to enable Mailbox Auditing using PowerShell

This setting is also relevant for the “Exchange audit reports” in the “Reports” section of this admin center.

Azure AD Reports:

These reports focus mainly on Identity anomalous activities. Some of them require Azure AD Premium license.

These reports require you to have registered your Azure account. It is simple and without additional cost (if you have Office 365 subscription).

Active Directory - Microsoft Azure

In order to monitor user activities, you’ll have to agree to the privacy statement.

All the Global Admins will receive email regarding anomalous activities of their users which will look like this:

Your Weekly Status

The last auditing report in the “Reports” section is the “Exchange audit log”:

auditing - Microsoft Exchange

Here you’ll be able to run the admin audit log report which displays any related Exchange admin behavior by displaying the PowerShell cmdlets with their parameters and argument.

In addition, you will be able to run mailbox activities reports much like in the “Search & Investigation” section of Compliance & Security Admin Center, but in this case you’ll have to enable Mailbox Auditing using PowerShell.

הוסף תגובה
facebook linkedin twitter email

Leave a Reply

Your email address will not be published. Required fields are marked *