Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Auditing and Reporting for Office 365

As organizations move to Office 365, sometimes the finer details of the service can get over looked. To be able to manage your Office 365 tenant, you need to understand what auditing and reporting capabilities are built into Office 365, as well as what functionality is missing. A complete understanding of the features and functionality in place to protect your systems is essential to identifying threats, and planning a reaction.

Drawing on his personal experiences assisting clients with migrations, Nathan O’Bryan (MCSM: Messaging, MVP: Office Servers and Services) will dive into the auditing and reporting features and functionality that are included with Office 365. He will cover how to properly implement protection for your systems in addition to real world tips and practical lessons learned for protecting your data in the cloud.

  • Login to see the comments

  • Be the first to like this

Auditing and Reporting for Office 365

  1. 1. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Auditing and Reporting for Office 365
  2. 2. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T @enowconsulting Find us! ENow Software ENowSoftware ENowSoftware.com Some of ENow’s Loyal Customers • Microsoft Silver ISV & Messaging Microsoft Partner • Focused on building software solutions that simplify the life of IT administrators • Software architected by MVPs with >15 years experience in high-end Microsoft consulting and management • Customers in over 60 countries ENow Software About ENow
  3. 3. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T
  4. 4. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T About the speaker – Nathan O’Bryan MVP: Office Servers and Services MCSM: Messaging Consultant @ SPS http://www.spscom.com @MCSMLab http://www.mcsmlab.com
  5. 5. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Introduction • Auditing and reporting is important to any organization • Office 365 is a collection of different resources, all developed separately • Microsoft is working toward a unified auditing and reporting system, but they are not there yet
  6. 6. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Auditing and Reporting • In Office 365, auditing and reporting is broken into two groups • Exchange • Everything else • “Everything else” is far behind Exchange for auditing and reporting features • All auditing and reporting in Office 365 requires Exchange in your tenant • Microsoft is working on bringing “everything else” up to the auditing and reporting standards of Exchange
  7. 7. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Mailbox Auditing • Mailbox auditing is about figuring out who did what and when they did it • First introduced in Exchange 2007 SP2 • 3 types of mailbox auditing • Owner • Delegates • Administrator • Mailbox auditing is not on by default
  8. 8. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Demo 1 – Enable Mailbox Auditing • Verify mailbox auditing is on for a mailbox • Verify mailbox auditing is on for multiple mailboxes • Turn mailbox auditing on • Verify what actions are being audited
  9. 9. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Mailbox actions logged Action Description Admin Delegate Owner Copy An item is copied to another folder. Yes No No Create An item is created in the Calendar, Contacts, Notes, or Tasks folder in the mailbox; for example, a new meeting request is created. Note that message or folder creation isn't audited. Yes* Yes* Yes FolderBind A mailbox folder is accessed. Yes* Yes No HardDelete An item is deleted permanently from the Recoverable Items folder. Yes* Yes* Yes MailboxLogin The user signed in to their mailbox. No No Yes MessageBind An item is accessed in the reading pane or opened. Yes No No Move An item is moved to another folder. Yes* Yes Yes MoveToDeletedItems An item is moved to the Deleted Items folder. Yes* Yes Yes SendAs A message is sent using Send As permissions. Yes* Yes* No SendOnBehalf A message is sent using Send on Behalf permissions. Yes* Yes No SoftDelete An item is deleted from the Deleted Items folder. Yes* Yes* Yes Update An item's properties are updated. Yes* Yes* Yes * Audited by default if auditing is enabled for a mailbox.
  10. 10. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Demo 2 – Configuring Mailbox Auditing • Set what actions are audited • Set audit log age limit • Determine size of mailbox audit log • Delete mailbox audit log entries
  11. 11. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Demo 3 – Searching Mailbox Audit Log • Search mailbox audit log • Search for limited results • Search for specific actions on specific dates • Start mailbox audit log report • Search for external access • Show running audit log searches
  12. 12. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Auditing across Office 365 applications • Recently Microsoft has added more auditing and reporting around SharePoint Online and OneDrive • Office 365 compliance center • Search-UnifiedAuditLog • AzureActiveDirectory • AzureActiveDirectoryAccountLogon • ExchangeAdmin • ExchangeItem • ExchangeItemGroup • SharePoint • SharePointFileOperation
  13. 13. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Audit Storage Architecture
  14. 14. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Demo 4 – Search Unified Audit Log • Search unified audit log • Convert audit data from JSON format • Search for SharePoint file operations • Search for Azure AD operations • Search for Azure AD account login operations
  15. 15. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Reporting web service Office 365 Reporting web service reference page Office 365 reporting-related Windows PowerShell cmdlets CsActiveUser* reports Get-CsAVConferenceTimeReport CsAVConferenceTime* reports Get-CsActiveUserReport CsConference* reports Get-CsConferenceReport CsP2PAVTime* reports Get-CsP2PAVTimeReport CsP2PSession* reports Get-CsP2PSessionReport ConnectionbyClientType* reports Get-ConnectionByClientTypeReport ConnectionbyClientTypeDetail* reports Get-ConnectionByClientTypeDetailReport GroupActivity* reports Get-GroupActivityReport MailboxActivity* reports Get-MailboxActivityReport MailboxUsage report Get-MailboxUsageReport MailboxUsageDetail report Get-MailboxUsageDetailReport MailDetail report Get-MailDetailReport MailDetailDlpPolicy report Get-MailDetailDlpPolicyReport MailDetailMalware report Get-MailDetailMalwareReport MailDetailSpam report Get-MailDetailSpamReport MailDetailTransportRule report Get-MailDetailTransportRuleReport MailFilterList report Get-MailFilterListReport MailTraffic report Get-MailTrafficReport MailTrafficPolicy report Get-MailTrafficPolicyReport MailTrafficSummary reports Get-MailTrafficSummaryReport MailTrafficTop report Get-MailTrafficTopReport MessageTrace report Get-MessageTrace MessageTraceDetail report Get-MessageTraceDetail MxRecordReport report Get-MxRecordReport OutboundConnectorReport report Get-OutboundConnectorReport ServiceDeliveryReport report Get-ServiceDeliveryReport StaleMailbox report Get-StaleMailboxReport StaleMailboxDetail report Get-StaleMailboxDetailReport
  16. 16. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Demo 5 – Reporting Web Service • Mx record report • Outbound connector report • Mail traffic summary report • Stale mailbox detail report • Connection by client type report • Av conference time report
  17. 17. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Security & Compliance Center • Intended to be single portal for all Security & Compliance administration needs • Work in progress
  18. 18. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Demo 6 – Security & Compliance Center • Separate PowerShell connection • Available commands • Reports • Compliance Search
  19. 19. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Accessing GUI Mailbox Audit Reports • EAC > Compliance Management > Auditing • Office 365 Compliance Center
  20. 20. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Demo 7 – Office 365 GUI reports
  21. 21. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Summary • PowerShell is the best native way to get information out of Office 365 auditing and reporting • Office 365 canned reports are not currently very flexible • PowerShell reports may not be acceptable for management
  22. 22. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Q&A
  23. 23. A W A R D W I N N I N G E X C H A N G E & O F F I C E 3 6 5 M A N A G E M E N T Thank You www.enowsoftware.com

×