Have you had security breaches, deleted files, and suspicious actions within your network? The Office 365 audit log can help you find the source.
Security and technical issues are an IT administrator’s biggest concerns, particularly when these problems keep repeating without a permanent solution. Office 365 software suites seek to address these setbacks with its Office 365 audit log feature that is able to record a wide range of activities from all employees to not only get a sense of day-to-day operations, but also find the root causes of issues such as deleted files, multiple failed login attempts, unauthorized access to sensitive data, and more.
In order to make sure your organization’s licenses are covered by the Office 365 audit log right away, you must first enable this feature when you first set up your Office 365 license for maximum effect; however, you can set this feature up at any time if you have not done so already.
Set Up Office 365 Audit Log
To set up the Office 365 audit log, follow these simple steps:
- Log into your Office 365 Enterprise account
- Under Report, select Security & Compliance
- Under search & investigation, select Audit log search
- On the Audit log search page, select Start recording user and admin activity and confirm this option (if you do not see this message displayed, it may be because your organization already has the Office 365 audit log enabled)
Once confirmed, you will see a message saying that the audit log is being prepared and that you will be able to run a search in a few hours once the prep period has concluded.
After your system is ready to start recording activities, be sure to set up permissions for authorized people to view the Office 365 audit logs on the Permissions page. Additionally, you would do well to set up alerts for when certain activities take place to find the source of any irregular or suspicious actions.
Some of the Office 365 programs can appear as soon as 30 minutes after an action has occurred while others can take up to 24 hours. Office 365 services that are recordable for the audit logs include the following:
- SharePoint Online
- OneDrive for Business
- Exchange Online
- Azure Active Directory (user login and admin events)
- Power BI
- Security & Compliance Center
- Microsoft Teams
By enabling the Office 365 audit log feature, you will be able to accurately monitor what everyone on your Office 365 network does and find better solutions to any user-based issues.
Source: MCS Blog