SlideShare a Scribd company logo

Making auditing great again! Office 365

Download as PPTX, PDF
Paul Hunt
Paul Hunt

This document summarizes a presentation on auditing in SharePoint and Office 365. It discusses: 1. Configuring auditing at the SharePoint site collection level, including limitations of a 90 day retention period. 2. The Office 365 unified audit log which covers multiple workloads but also has a 90 day retention period. Methods for extracting the unified audit log using the Management API are presented. 3. Storing and reporting on extracted audit data from the unified audit log using Azure SQL for long term retention beyond 90 days.

1 of 46
SharePoint Saturday Belgium 2017 • October 21 • Brussels Track: IT PRO | Level: 200 Making auditing great again! Paul Hunt - MVP
PlatinumGoldSilver
• Solutions Architect for Trustmarque • Co-organiser of SUGUK London Region • Member of the SharePoint community since 2007 • Third time Office Server & Services MVP in 2017 • Woodturner Who am I? • Paul Hunt • @Cimares • www.myfatblog.co.uk • www.trustmarque.com
• Solutions Architect for Trustmarque • Co-organiser of SUGUK London Region • Member of the SharePoint community since 2007 • Third time Office Server & Services MVP in 2017 • Woodturner Who am I? • Paul Hunt • @Cimares • www.myfatblog.co.uk • www.trustmarque.com
SharePoint Saturday Belgium 2017 • October 21 • Brussels Agenda The importance of records Office 365 Audit comparison SharePoint Site Collection auditing SharePoint Audit in the Unified Audit Log Extracting the Unified Audit Log
The importance of records Beware of false knowledge; it is more dangerous than ignorance. George Bernard Shaw
The importance of records “If I were to run, I’d run as a republican. They’re the dumbest group of voters in the country. They believe anything on fox News. I could lie and they’d still eat it up. I bet my numbers would be terrific” FALSE
The importance of records • People magazine keep every copy of every magazine that has been printed. • There was no record of a 1998 interview. • No article printed in the 80s or 90s contain mention of the Republican party in articles about Donald Trump.
The importance of records “Not a lot of people know that..” Michael Caine FALSE
The importance of records • https://youtu.be/hY85a15n5QY • Peter Sellers apparently used this on his answering machine and repeated it in a Parkinson interview in the 70s. • Michael Caine has confirmed he never used the phrase until it was added as an in-joke to the film Educating Rita in 1983.
GDPR – Helping to prove compliance • GDPR does not mandate auditing of data. • Audit data assists in proving compliance but does not make you compliant. • Helps to identify unauthorised data access
You don’t need to audit everything! • Targeted auditing is easier: • To manage • To report on • To monitor • Auditing is pointless is you cannot interrogate and understand the data.
Understanding your organisation’s audit needs is NOT an IT function! IT should facilitate, not drive the need for Audit.
Audit everything is not a good option!
SharePoint Saturday Belgium 2017 • October 21 • Brussels Audit availability in Office 365
Auditing availability in Office 365 SharePoint Online Auditing • Configured per site collection • 90 day limit enforced (30 day minimum?) • Extracted automatically (if configured) • Can’t configure in EDGE! • Doesn’t record VIEW activities • OneDrive auditing difficult to manage. Office 365 Unified Audit • Broad spectrum of coverage (Beyond just SharePoint!) • 90 day limit • Manual/App based extraction • Doesn’t record LIST ITEM activities. (This includes changing DOCUMENT metadata!) • Integrates with ASM (E5)
SharePoint Saturday Belgium 2017 • October 21 • Brussels SharePoint Site Collection Audit Configuration
Configuring Site Collection Auditing • Configured on a per site collection basis. • Limited to a maximum of 90 days
Configuring Site Collection Auditing • Configured on a per site collection basis. • Limited to a maximum of 90 days
Audit log view link Classic team site Modern site /_layouts/15/Reporting.aspx?Category=Auditing
Demo: SharePoint Site Collection Audit
SharePoint Saturday Belgium 2017 • October 21 • Brussels Office 365 Unified Audit Configuration
Unified Audit functionality in Office 365 • User Activity • SharePoint & OneDrive • Exchange Online (requires mailbox audit logging!) • Sway* • PowerBI • Teams (Not messages!) • Yammer* • Dynamics 365 • Flow (On it’s way!) • Admin Activity • Azure Active Directory • SharePoint Online • Exchange Online • Sway* • PowerBI • Teams • Yammer* • eDiscovery • Flow (On it’s way!) Note: This list is slowly being increased!
Unified audit lag times Workload 30 Mins 24 Hours SharePoint Online and OneDrive for Business X Exchange Online X Azure Active Directory (User login events) X Azure Active Directory (admin events) X Sway X PowerBI X Yammer X Security & Compliance Centre (eDiscovery) X Teams X Dynamics 365 X Flow (When it arrives) X
Turning on Unified O365 auditing • Sign in to Security & Compliance Centre. • Select Search & Investigation/Audit Log Search
Searching the Unified Audit log
Searching the Unified Audit log
Searching the Unified Audit log - Filter & Export
Demo: Configuring & Searching the O365 Unified Audit log
Additional steps for Exchange • Connect using Exchange Online PowerShell Module.* • Set-mailbox “name” –AuditEnabled $true • Default Audit gives: *Now supports MFA & ADFS Admin Delegate Owner Update Update None Move MoveToDeletedItems SoftDelete SoftDelete HardDelete HardDelete FolderBind SendAs SendAs SendOnBehalf Create Create
Audit actions available Action Admin Delegate Owner Copy Yes No No Create Yes* Yes* Yes FolderBind Yes* Yes** No HardDelete Yes* Yes* Yes MailboxLogin No No Yes*** MessageBind Yes No No Move Yes* Yes Yes MoveToDeleteItems Yes* Yes Yes SendAs Yes* Yes No SendOnBehalf Yes* Yes No SoftDelete Yes* Yes* Yes Update Yes* Yes* Yes Bind = Open or Read (including preview pane) * - Default action auditing when enabled. ** - Aggregated for a 24 hour period *** - Only applies to POP3/IMAP4 or Oauth logins. Does not track NTLM or Kerberos logins
But I need more than 90 days worth of audit!
SharePoint Saturday Belgium 2017 • October 21 • Brussels Extracting the O365 Unified Audit Log using the Management API
Options for Extracting the Unified Audit log Pull method • Register your APP! • Register a collector subscription • Download a manifest file • Download content blobs listed in Manifest. • Process data into backend storage Push method • Register your APP! • Register a collector subscription • Register a WebHook • Content blob manifests are pushed to the Webhook. • Download content blobs when notified. • Process data into backend storage Note: Subscribed data is available for 7 days only!
Registering Your APP ID in Azure AD. • Requires Web app/API configuration • And Tenant level permissions.
Don’t forget to GRANT permissions
Registering a collector subscription Available for 5 Content Types • Audit.AzureActiveDirectory • Audit.Exchange • Audit.SharePoint • Audit.General (Sway, Yammer etc) • DLP.All Notes: • When a subscription is registered, it can take up to 12 hours for the first content to be available. • DLP.All is only available to users with the “Read DLP Sensitive Data” permission.
Retrieving the Blob Manifest • Returns a collection of JSON objects contentUri : https://manage.office.com/api/v1.0/d3c8c691-7321-4cc4-ac08-7c a6f05be84c/activity/feed/audit/20170809160530886001699$201708 09160530886001699$audit_sharepoint$Audit_SharePoint contentId : 20170809160530886001699$20170809160530886001699$audit_sharepo int$Audit_SharePoint contentType : Audit.SharePoint contentCreated : 2017-08-09T16:05:30.886Z contentExpiration : 2017-08-16T16:05:30.886Z
Retrieving the Blob Content • Returns a collection of JSON objects CreationTime : 2017-08-15T10:30:58 Id : 93c5b9d0-f916-46d0-7a2f-08d4e3c8b7db Operation : FileUploaded OrganizationId : d3c8c691-7321-4cc4-ac08-7ca6f05be84c RecordType : 6 UserKey : i:0h.f|membership|10037ffe9e27c68a@live.com UserType : 0 Version : 1 Workload : SharePoint ClientIP : 52.169.28.217 ObjectId : https://wharfconsulting.sharepoint.com/sites/audit-test-c/Audit Samples/Prime Minister without Education and skills.txt UserId : joan.jett@wharf-media.co.uk EventSource : SharePoint ItemType : File ListId : 7db7d957-69fc-4c2d-b191-82868c1928be ListItemUniqueId : b081f0c2-f055-437f-b128-8666bead8ddd Site : ad4040da-0b0a-4059-958c-5f6c27d181e6 WebId : 97c2f404-3aa8-4efd-8e34-6736c3aefcec SourceFileExtension : txt SiteUrl : https://wharfconsulting.sharepoint.com/sites/audit-test-c/ SourceFileName : Prime Minister without Education and skills.txt SourceRelativeUrl : Audit Samples
Where to put all that data?
Gotchas! • Subscription content expires 7 days after collection. • Watch out for oAuth token expiry. • Beware the back-off command. MS will throttle excessive requests.
Demo: Extracting the Unified Audit Log
Reporting on your audit data from Azure SQL
Questions?
References • Office 365 Management Activity API Reference
SharePoint Saturday Belgium 2017 • October 21 • Brussels Thank You!

Recommended

Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...
Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...
Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...
Chirag Patel
 
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial GuideSPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
Stephan Bisser
 
O365Engage17 - Making sense of the office 365 audit data mart
O365Engage17 - Making sense of the office 365 audit data martO365Engage17 - Making sense of the office 365 audit data mart
O365Engage17 - Making sense of the office 365 audit data mart
NCCOMMS
 
O365Engage17 - Managing exchange online using power shell, tips & tricks
O365Engage17 - Managing exchange online using power shell, tips & tricksO365Engage17 - Managing exchange online using power shell, tips & tricks
O365Engage17 - Managing exchange online using power shell, tips & tricks
NCCOMMS
 
O365Engage17 - Modern collaboration in teams and projects powered by office 365
O365Engage17 - Modern collaboration in teams and projects powered by office 365O365Engage17 - Modern collaboration in teams and projects powered by office 365
O365Engage17 - Modern collaboration in teams and projects powered by office 365
NCCOMMS
 
O365Engage17 - Microsoft certifications from zero to certified!
O365Engage17 - Microsoft certifications from zero to certified!O365Engage17 - Microsoft certifications from zero to certified!
O365Engage17 - Microsoft certifications from zero to certified!
NCCOMMS
 
Introduction to Microsoft Flow and Azure Functions
Introduction to Microsoft Flow and Azure FunctionsIntroduction to Microsoft Flow and Azure Functions
Introduction to Microsoft Flow and Azure Functions
BIWUG
 
Office 365, Practical Adoption Strategies
Office 365, Practical Adoption StrategiesOffice 365, Practical Adoption Strategies
Office 365, Practical Adoption Strategies
BIWUG
 

Recommended

Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...
Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...
Ensuring Successful Office 365 Tenant to Tenant Migration SPS Cambridge 2017...
Chirag Patel
 
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial GuideSPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
SPSVienna Office 365 Tenant to Tenant Migration - a complete Survial Guide
Stephan Bisser
 
O365Engage17 - Making sense of the office 365 audit data mart
O365Engage17 - Making sense of the office 365 audit data martO365Engage17 - Making sense of the office 365 audit data mart
O365Engage17 - Making sense of the office 365 audit data mart
NCCOMMS
 
O365Engage17 - Managing exchange online using power shell, tips & tricks
O365Engage17 - Managing exchange online using power shell, tips & tricksO365Engage17 - Managing exchange online using power shell, tips & tricks
O365Engage17 - Managing exchange online using power shell, tips & tricks
NCCOMMS
 
O365Engage17 - Modern collaboration in teams and projects powered by office 365
O365Engage17 - Modern collaboration in teams and projects powered by office 365O365Engage17 - Modern collaboration in teams and projects powered by office 365
O365Engage17 - Modern collaboration in teams and projects powered by office 365
NCCOMMS
 
O365Engage17 - Microsoft certifications from zero to certified!
O365Engage17 - Microsoft certifications from zero to certified!O365Engage17 - Microsoft certifications from zero to certified!
O365Engage17 - Microsoft certifications from zero to certified!
NCCOMMS
 
Introduction to Microsoft Flow and Azure Functions
Introduction to Microsoft Flow and Azure FunctionsIntroduction to Microsoft Flow and Azure Functions
Introduction to Microsoft Flow and Azure Functions
BIWUG
 
Office 365, Practical Adoption Strategies
Office 365, Practical Adoption StrategiesOffice 365, Practical Adoption Strategies
Office 365, Practical Adoption Strategies
BIWUG
 
O365Engage17 - The Latest and Greatest on Hybrid Exchange
O365Engage17 - The Latest and Greatest on Hybrid ExchangeO365Engage17 - The Latest and Greatest on Hybrid Exchange
O365Engage17 - The Latest and Greatest on Hybrid Exchange
NCCOMMS
 
Extending Teams & Groups
Extending Teams & GroupsExtending Teams & Groups
Extending Teams & Groups
BIWUG
 
O365Engage17 - Managing share point online end to-end with powershell
O365Engage17 - Managing share point online end to-end with powershellO365Engage17 - Managing share point online end to-end with powershell
O365Engage17 - Managing share point online end to-end with powershell
NCCOMMS
 
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
BIWUG
 
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
NCCOMMS
 
O365Engage17 - Identity in the cloud foundation for o365
O365Engage17 - Identity in the cloud foundation for o365O365Engage17 - Identity in the cloud foundation for o365
O365Engage17 - Identity in the cloud foundation for o365
NCCOMMS
 
O365Engage17 - Mobile device management options in office 365 and beyond
O365Engage17 - Mobile device management options in office 365 and beyondO365Engage17 - Mobile device management options in office 365 and beyond
O365Engage17 - Mobile device management options in office 365 and beyond
NCCOMMS
 
O365Engage17 - Ins and outs of monitoring office 365
O365Engage17 - Ins and outs of monitoring office 365O365Engage17 - Ins and outs of monitoring office 365
O365Engage17 - Ins and outs of monitoring office 365
NCCOMMS
 
O365Engage17 - Configuring share point hybrid search
O365Engage17 - Configuring share point hybrid searchO365Engage17 - Configuring share point hybrid search
O365Engage17 - Configuring share point hybrid search
NCCOMMS
 
O365Engage17 - After the migration – managing your office 365 deployment
O365Engage17 - After the migration – managing your office 365 deploymentO365Engage17 - After the migration – managing your office 365 deployment
O365Engage17 - After the migration – managing your office 365 deployment
NCCOMMS
 
PowerApps and Flow, one year later
PowerApps and Flow, one year laterPowerApps and Flow, one year later
PowerApps and Flow, one year later
BIWUG
 
O365Engage17 - How to get valuable insights with log parser and excel
O365Engage17 - How to get valuable insights with log parser and excelO365Engage17 - How to get valuable insights with log parser and excel
O365Engage17 - How to get valuable insights with log parser and excel
NCCOMMS
 
O365Engage17 - Working With OneDrive for Business
O365Engage17 - Working With OneDrive for BusinessO365Engage17 - Working With OneDrive for Business
O365Engage17 - Working With OneDrive for Business
NCCOMMS
 
O365Engage17 - Building portals with microsoft graph api
O365Engage17 - Building portals with microsoft graph apiO365Engage17 - Building portals with microsoft graph api
O365Engage17 - Building portals with microsoft graph api
NCCOMMS
 
O365Engage17 - New dawn of share point apps
O365Engage17 - New dawn of share point appsO365Engage17 - New dawn of share point apps
O365Engage17 - New dawn of share point apps
NCCOMMS
 
Use PowerShell superpower to tame your Office 365
Use PowerShell superpower to tame your Office 365Use PowerShell superpower to tame your Office 365
Use PowerShell superpower to tame your Office 365
BIWUG
 
O365Engage17 - Azure 101 terminology
O365Engage17 - Azure 101 terminologyO365Engage17 - Azure 101 terminology
O365Engage17 - Azure 101 terminology
NCCOMMS
 
SPS Toronto 2015
SPS Toronto 2015SPS Toronto 2015
SPS Toronto 2015
Mike Maadarani
 
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
NCCOMMS
 
Microsoft flow how, when & why
Microsoft flow how, when & whyMicrosoft flow how, when & why
Microsoft flow how, when & why
DocFluix, LLC
 
Webinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
Webinar: The Slippery Slope of Migrating to SharePoint Online or On-PremiseWebinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
Webinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
WithumSmith+Brown, formerly Portal Solutions
 
Webinar: Slippery Slope of SharePoint Migrations
Webinar: Slippery Slope of SharePoint Migrations Webinar: Slippery Slope of SharePoint Migrations
Webinar: Slippery Slope of SharePoint Migrations
WithumSmith+Brown, formerly Portal Solutions
 

More Related Content

What's hot

O365Engage17 - The Latest and Greatest on Hybrid Exchange
O365Engage17 - The Latest and Greatest on Hybrid ExchangeO365Engage17 - The Latest and Greatest on Hybrid Exchange
O365Engage17 - The Latest and Greatest on Hybrid Exchange
NCCOMMS
 
Extending Teams & Groups
Extending Teams & GroupsExtending Teams & Groups
Extending Teams & Groups
BIWUG
 
O365Engage17 - Managing share point online end to-end with powershell
O365Engage17 - Managing share point online end to-end with powershellO365Engage17 - Managing share point online end to-end with powershell
O365Engage17 - Managing share point online end to-end with powershell
NCCOMMS
 
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
BIWUG
 
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
NCCOMMS
 
O365Engage17 - Identity in the cloud foundation for o365
O365Engage17 - Identity in the cloud foundation for o365O365Engage17 - Identity in the cloud foundation for o365
O365Engage17 - Identity in the cloud foundation for o365
NCCOMMS
 
O365Engage17 - Mobile device management options in office 365 and beyond
O365Engage17 - Mobile device management options in office 365 and beyondO365Engage17 - Mobile device management options in office 365 and beyond
O365Engage17 - Mobile device management options in office 365 and beyond
NCCOMMS
 
O365Engage17 - Ins and outs of monitoring office 365
O365Engage17 - Ins and outs of monitoring office 365O365Engage17 - Ins and outs of monitoring office 365
O365Engage17 - Ins and outs of monitoring office 365
NCCOMMS
 
O365Engage17 - Configuring share point hybrid search
O365Engage17 - Configuring share point hybrid searchO365Engage17 - Configuring share point hybrid search
O365Engage17 - Configuring share point hybrid search
NCCOMMS
 
O365Engage17 - After the migration – managing your office 365 deployment
O365Engage17 - After the migration – managing your office 365 deploymentO365Engage17 - After the migration – managing your office 365 deployment
O365Engage17 - After the migration – managing your office 365 deployment
NCCOMMS
 
PowerApps and Flow, one year later
PowerApps and Flow, one year laterPowerApps and Flow, one year later
PowerApps and Flow, one year later
BIWUG
 
O365Engage17 - How to get valuable insights with log parser and excel
O365Engage17 - How to get valuable insights with log parser and excelO365Engage17 - How to get valuable insights with log parser and excel
O365Engage17 - How to get valuable insights with log parser and excel
NCCOMMS
 
O365Engage17 - Working With OneDrive for Business
O365Engage17 - Working With OneDrive for BusinessO365Engage17 - Working With OneDrive for Business
O365Engage17 - Working With OneDrive for Business
NCCOMMS
 
O365Engage17 - Building portals with microsoft graph api
O365Engage17 - Building portals with microsoft graph apiO365Engage17 - Building portals with microsoft graph api
O365Engage17 - Building portals with microsoft graph api
NCCOMMS
 
O365Engage17 - New dawn of share point apps
O365Engage17 - New dawn of share point appsO365Engage17 - New dawn of share point apps
O365Engage17 - New dawn of share point apps
NCCOMMS
 
Use PowerShell superpower to tame your Office 365
Use PowerShell superpower to tame your Office 365Use PowerShell superpower to tame your Office 365
Use PowerShell superpower to tame your Office 365
BIWUG
 
O365Engage17 - Azure 101 terminology
O365Engage17 - Azure 101 terminologyO365Engage17 - Azure 101 terminology
O365Engage17 - Azure 101 terminology
NCCOMMS
 
SPS Toronto 2015
SPS Toronto 2015SPS Toronto 2015
SPS Toronto 2015
Mike Maadarani
 
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
NCCOMMS
 
Microsoft flow how, when & why
Microsoft flow how, when & whyMicrosoft flow how, when & why
Microsoft flow how, when & why
DocFluix, LLC
 

What's hot (20)

O365Engage17 - The Latest and Greatest on Hybrid Exchange
O365Engage17 - The Latest and Greatest on Hybrid ExchangeO365Engage17 - The Latest and Greatest on Hybrid Exchange
O365Engage17 - The Latest and Greatest on Hybrid Exchange
 
Extending Teams & Groups
Extending Teams & GroupsExtending Teams & Groups
Extending Teams & Groups
 
O365Engage17 - Managing share point online end to-end with powershell
O365Engage17 - Managing share point online end to-end with powershellO365Engage17 - Managing share point online end to-end with powershell
O365Engage17 - Managing share point online end to-end with powershell
 
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
Yo Office! Use your SPFx Skills to Build Add-Ins for Word, Excel, Outlook and...
 
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
O365Engage17 - What You Need to Know About Migrating to Exchange Online in 2017
 
O365Engage17 - Identity in the cloud foundation for o365
O365Engage17 - Identity in the cloud foundation for o365O365Engage17 - Identity in the cloud foundation for o365
O365Engage17 - Identity in the cloud foundation for o365
 
O365Engage17 - Mobile device management options in office 365 and beyond
O365Engage17 - Mobile device management options in office 365 and beyondO365Engage17 - Mobile device management options in office 365 and beyond
O365Engage17 - Mobile device management options in office 365 and beyond
 
O365Engage17 - Ins and outs of monitoring office 365
O365Engage17 - Ins and outs of monitoring office 365O365Engage17 - Ins and outs of monitoring office 365
O365Engage17 - Ins and outs of monitoring office 365
 
O365Engage17 - Configuring share point hybrid search
O365Engage17 - Configuring share point hybrid searchO365Engage17 - Configuring share point hybrid search
O365Engage17 - Configuring share point hybrid search
 
O365Engage17 - After the migration – managing your office 365 deployment
O365Engage17 - After the migration – managing your office 365 deploymentO365Engage17 - After the migration – managing your office 365 deployment
O365Engage17 - After the migration – managing your office 365 deployment
 
PowerApps and Flow, one year later
PowerApps and Flow, one year laterPowerApps and Flow, one year later
PowerApps and Flow, one year later
 
O365Engage17 - How to get valuable insights with log parser and excel
O365Engage17 - How to get valuable insights with log parser and excelO365Engage17 - How to get valuable insights with log parser and excel
O365Engage17 - How to get valuable insights with log parser and excel
 
O365Engage17 - Working With OneDrive for Business
O365Engage17 - Working With OneDrive for BusinessO365Engage17 - Working With OneDrive for Business
O365Engage17 - Working With OneDrive for Business
 
O365Engage17 - Building portals with microsoft graph api
O365Engage17 - Building portals with microsoft graph apiO365Engage17 - Building portals with microsoft graph api
O365Engage17 - Building portals with microsoft graph api
 
O365Engage17 - New dawn of share point apps
O365Engage17 - New dawn of share point appsO365Engage17 - New dawn of share point apps
O365Engage17 - New dawn of share point apps
 
Use PowerShell superpower to tame your Office 365
Use PowerShell superpower to tame your Office 365Use PowerShell superpower to tame your Office 365
Use PowerShell superpower to tame your Office 365
 
O365Engage17 - Azure 101 terminology
O365Engage17 - Azure 101 terminologyO365Engage17 - Azure 101 terminology
O365Engage17 - Azure 101 terminology
 
SPS Toronto 2015
SPS Toronto 2015SPS Toronto 2015
SPS Toronto 2015
 
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
O365Engage17 - Getting Away from Google, Best Practises for Migrating to Offi...
 
Microsoft flow how, when & why
Microsoft flow how, when & whyMicrosoft flow how, when & why
Microsoft flow how, when & why
 

Similar to Making auditing great again! Office 365

Webinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
Webinar: The Slippery Slope of Migrating to SharePoint Online or On-PremiseWebinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
Webinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
WithumSmith+Brown, formerly Portal Solutions
 
Webinar: Slippery Slope of SharePoint Migrations
Webinar: Slippery Slope of SharePoint Migrations Webinar: Slippery Slope of SharePoint Migrations
Webinar: Slippery Slope of SharePoint Migrations
WithumSmith+Brown, formerly Portal Solutions
 
Katpro Technologies- SharePoint Portfolio
Katpro Technologies- SharePoint PortfolioKatpro Technologies- SharePoint Portfolio
Katpro Technologies- SharePoint Portfolio
Katpro Technologies Pvt Ltd
 
Webinar: SharePoint Online: How Do We Think About SharePoint Now?
Webinar: SharePoint Online: How Do We Think About SharePoint Now?Webinar: SharePoint Online: How Do We Think About SharePoint Now?
Webinar: SharePoint Online: How Do We Think About SharePoint Now?
WithumSmith+Brown, formerly Portal Solutions
 
Obiee 12c: Look under the bonnet and test drive
Obiee 12c: Look under the bonnet and test driveObiee 12c: Look under the bonnet and test drive
Obiee 12c: Look under the bonnet and test drive
Guillaume Slee
 
Application Insights for Integration Developers
Application Insights for Integration DevelopersApplication Insights for Integration Developers
Application Insights for Integration Developers
Sriram Hariharan
 
Tracking and business intelligence
Tracking and business intelligenceTracking and business intelligence
Tracking and business intelligence
Sebastian Schleicher
 
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
DIWUG
 
Case study: Life Cycle Management for SAP BusinessObjects platform as well as...
Case study: Life Cycle Management for SAP BusinessObjects platform as well as...Case study: Life Cycle Management for SAP BusinessObjects platform as well as...
Case study: Life Cycle Management for SAP BusinessObjects platform as well as...
Sebastien Goiffon
 
Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013
Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013
Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013
Netwoven Inc.
 
October 2018 Office 365 Need to Know Webinar
October 2018 Office 365 Need to Know WebinarOctober 2018 Office 365 Need to Know Webinar
October 2018 Office 365 Need to Know Webinar
Robert Crane
 
Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...
Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...
Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...
Mike Maadarani
 
Office365 Governance Is Changing!!
Office365 Governance Is Changing!!Office365 Governance Is Changing!!
Office365 Governance Is Changing!!
Stacy Deere
 
Practical Tips for Migrating SharePoint Customizations to Office 365
Practical Tips for Migrating SharePoint Customizations to Office 365Practical Tips for Migrating SharePoint Customizations to Office 365
Practical Tips for Migrating SharePoint Customizations to Office 365
Haniel Croitoru
 
#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow
#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow
#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow
Vincent Biret
 
Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...
Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...
Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...
Bill England
 
Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...
Zoho Corporation
 
Building the Perfect Office 365 Tenant
Building the Perfect Office 365 TenantBuilding the Perfect Office 365 Tenant
Building the Perfect Office 365 Tenant
BIWUG
 
Building the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBE
Building the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBEBuilding the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBE
Building the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBE
Chirag Patel
 
SharePoint Workflows - SharePoint Saturday Twin Cities April 2012
SharePoint Workflows - SharePoint Saturday Twin Cities April 2012SharePoint Workflows - SharePoint Saturday Twin Cities April 2012
SharePoint Workflows - SharePoint Saturday Twin Cities April 2012
Don Donais
 

Similar to Making auditing great again! Office 365 (20)

Webinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
Webinar: The Slippery Slope of Migrating to SharePoint Online or On-PremiseWebinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
Webinar: The Slippery Slope of Migrating to SharePoint Online or On-Premise
 
Webinar: Slippery Slope of SharePoint Migrations
Webinar: Slippery Slope of SharePoint Migrations Webinar: Slippery Slope of SharePoint Migrations
Webinar: Slippery Slope of SharePoint Migrations
 
Katpro Technologies- SharePoint Portfolio
Katpro Technologies- SharePoint PortfolioKatpro Technologies- SharePoint Portfolio
Katpro Technologies- SharePoint Portfolio
 
Webinar: SharePoint Online: How Do We Think About SharePoint Now?
Webinar: SharePoint Online: How Do We Think About SharePoint Now?Webinar: SharePoint Online: How Do We Think About SharePoint Now?
Webinar: SharePoint Online: How Do We Think About SharePoint Now?
 
Obiee 12c: Look under the bonnet and test drive
Obiee 12c: Look under the bonnet and test driveObiee 12c: Look under the bonnet and test drive
Obiee 12c: Look under the bonnet and test drive
 
Application Insights for Integration Developers
Application Insights for Integration DevelopersApplication Insights for Integration Developers
Application Insights for Integration Developers
 
Tracking and business intelligence
Tracking and business intelligenceTracking and business intelligence
Tracking and business intelligence
 
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
 
Case study: Life Cycle Management for SAP BusinessObjects platform as well as...
Case study: Life Cycle Management for SAP BusinessObjects platform as well as...Case study: Life Cycle Management for SAP BusinessObjects platform as well as...
Case study: Life Cycle Management for SAP BusinessObjects platform as well as...
 
Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013
Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013
Nuts and Bolts of Building Compliance Process with Nintex and SharePoint 2013
 
October 2018 Office 365 Need to Know Webinar
October 2018 Office 365 Need to Know WebinarOctober 2018 Office 365 Need to Know Webinar
October 2018 Office 365 Need to Know Webinar
 
Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...
Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...
Tricks and Tips in Migrating to Office 365 and On-Premises to acoid migration...
 
Office365 Governance Is Changing!!
Office365 Governance Is Changing!!Office365 Governance Is Changing!!
Office365 Governance Is Changing!!
 
Practical Tips for Migrating SharePoint Customizations to Office 365
Practical Tips for Migrating SharePoint Customizations to Office 365Practical Tips for Migrating SharePoint Customizations to Office 365
Practical Tips for Migrating SharePoint Customizations to Office 365
 
#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow
#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow
#SPSBrussels 2017 vincent biret #azure #functions microsoft #flow
 
Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...
Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...
Aiim Seminar - SharePoint Crossroads May 23 - Bending but Not Breaking - Spea...
 
Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...Active Directory security and compliance: Comprehensive reporting for key sec...
Active Directory security and compliance: Comprehensive reporting for key sec...
 
Building the Perfect Office 365 Tenant
Building the Perfect Office 365 TenantBuilding the Perfect Office 365 Tenant
Building the Perfect Office 365 Tenant
 
Building the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBE
Building the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBEBuilding the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBE
Building the Perfect Office 365 Tenant - SharePoint Saturday Belgium 2017 #SPSBE
 
SharePoint Workflows - SharePoint Saturday Twin Cities April 2012
SharePoint Workflows - SharePoint Saturday Twin Cities April 2012SharePoint Workflows - SharePoint Saturday Twin Cities April 2012
SharePoint Workflows - SharePoint Saturday Twin Cities April 2012
 

More from Paul Hunt

Exploring conditional access to content stored in Office 365 - SPS Helsinki
Exploring conditional access to content stored in Office 365 - SPS HelsinkiExploring conditional access to content stored in Office 365 - SPS Helsinki
Exploring conditional access to content stored in Office 365 - SPS Helsinki
Paul Hunt
 
Exploring conditional access to content stored in office 365 spsce
Exploring conditional access to content stored in office 365 spsceExploring conditional access to content stored in office 365 spsce
Exploring conditional access to content stored in office 365 spsce
Paul Hunt
 
Exploring conditional access to content stored in Office 365
Exploring conditional access to content stored in Office 365Exploring conditional access to content stored in Office 365
Exploring conditional access to content stored in Office 365
Paul Hunt
 
What do you mean 90 days isnt enough
What do you mean 90 days isnt enoughWhat do you mean 90 days isnt enough
What do you mean 90 days isnt enough
Paul Hunt
 
Spsnl18 exploring identity management options in office 365
Spsnl18 exploring identity management options in office 365Spsnl18 exploring identity management options in office 365
Spsnl18 exploring identity management options in office 365
Paul Hunt
 
Spunite exploring identity management options in office 365
Spunite exploring identity management options in office 365Spunite exploring identity management options in office 365
Spunite exploring identity management options in office 365
Paul Hunt
 
#SPSLondon - Session 2 JSLink for IT Pros
#SPSLondon - Session 2 JSLink for IT Pros#SPSLondon - Session 2 JSLink for IT Pros
#SPSLondon - Session 2 JSLink for IT Pros
Paul Hunt
 
#SPSLondon - Session 1 - Building an faq for end users
#SPSLondon - Session 1 - Building an faq for end users#SPSLondon - Session 1 - Building an faq for end users
#SPSLondon - Session 1 - Building an faq for end users
Paul Hunt
 
SPSBE building an faq for end users
SPSBE building an faq for end usersSPSBE building an faq for end users
SPSBE building an faq for end users
Paul Hunt
 
JSLink for ITPros - SharePoint Saturday Jersey
JSLink for ITPros - SharePoint Saturday JerseyJSLink for ITPros - SharePoint Saturday Jersey
JSLink for ITPros - SharePoint Saturday Jersey
Paul Hunt
 
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
Paul Hunt
 
SUGUK Cambridge - Display Templates & JSLink for IT Pros
SUGUK Cambridge - Display Templates & JSLink for IT ProsSUGUK Cambridge - Display Templates & JSLink for IT Pros
SUGUK Cambridge - Display Templates & JSLink for IT Pros
Paul Hunt
 
Spsbe using js-linkanddisplaytemplates
Spsbe using js-linkanddisplaytemplatesSpsbe using js-linkanddisplaytemplates
Spsbe using js-linkanddisplaytemplates
Paul Hunt
 
SPSSTHLM - Using JSLink and Display Templates for ITPros
SPSSTHLM - Using JSLink and Display Templates for ITProsSPSSTHLM - Using JSLink and Display Templates for ITPros
SPSSTHLM - Using JSLink and Display Templates for ITPros
Paul Hunt
 
Using js link and display templates
Using js link and display templatesUsing js link and display templates
Using js link and display templates
Paul Hunt
 
Iw411 migrating content by search from 2010 into 2013 - minified
Iw411 migrating content by search from 2010 into 2013 - minifiedIw411 migrating content by search from 2010 into 2013 - minified
Iw411 migrating content by search from 2010 into 2013 - minified
Paul Hunt
 

More from Paul Hunt (16)

Exploring conditional access to content stored in Office 365 - SPS Helsinki
Exploring conditional access to content stored in Office 365 - SPS HelsinkiExploring conditional access to content stored in Office 365 - SPS Helsinki
Exploring conditional access to content stored in Office 365 - SPS Helsinki
 
Exploring conditional access to content stored in office 365 spsce
Exploring conditional access to content stored in office 365 spsceExploring conditional access to content stored in office 365 spsce
Exploring conditional access to content stored in office 365 spsce
 
Exploring conditional access to content stored in Office 365
Exploring conditional access to content stored in Office 365Exploring conditional access to content stored in Office 365
Exploring conditional access to content stored in Office 365
 
What do you mean 90 days isnt enough
What do you mean 90 days isnt enoughWhat do you mean 90 days isnt enough
What do you mean 90 days isnt enough
 
Spsnl18 exploring identity management options in office 365
Spsnl18 exploring identity management options in office 365Spsnl18 exploring identity management options in office 365
Spsnl18 exploring identity management options in office 365
 
Spunite exploring identity management options in office 365
Spunite exploring identity management options in office 365Spunite exploring identity management options in office 365
Spunite exploring identity management options in office 365
 
#SPSLondon - Session 2 JSLink for IT Pros
#SPSLondon - Session 2 JSLink for IT Pros#SPSLondon - Session 2 JSLink for IT Pros
#SPSLondon - Session 2 JSLink for IT Pros
 
#SPSLondon - Session 1 - Building an faq for end users
#SPSLondon - Session 1 - Building an faq for end users#SPSLondon - Session 1 - Building an faq for end users
#SPSLondon - Session 1 - Building an faq for end users
 
SPSBE building an faq for end users
SPSBE building an faq for end usersSPSBE building an faq for end users
SPSBE building an faq for end users
 
JSLink for ITPros - SharePoint Saturday Jersey
JSLink for ITPros - SharePoint Saturday JerseyJSLink for ITPros - SharePoint Saturday Jersey
JSLink for ITPros - SharePoint Saturday Jersey
 
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
 
SUGUK Cambridge - Display Templates & JSLink for IT Pros
SUGUK Cambridge - Display Templates & JSLink for IT ProsSUGUK Cambridge - Display Templates & JSLink for IT Pros
SUGUK Cambridge - Display Templates & JSLink for IT Pros
 
Spsbe using js-linkanddisplaytemplates
Spsbe using js-linkanddisplaytemplatesSpsbe using js-linkanddisplaytemplates
Spsbe using js-linkanddisplaytemplates
 
SPSSTHLM - Using JSLink and Display Templates for ITPros
SPSSTHLM - Using JSLink and Display Templates for ITProsSPSSTHLM - Using JSLink and Display Templates for ITPros
SPSSTHLM - Using JSLink and Display Templates for ITPros
 
Using js link and display templates
Using js link and display templatesUsing js link and display templates
Using js link and display templates
 
Iw411 migrating content by search from 2010 into 2013 - minified
Iw411 migrating content by search from 2010 into 2013 - minifiedIw411 migrating content by search from 2010 into 2013 - minified
Iw411 migrating content by search from 2010 into 2013 - minified
 

Recently uploaded

Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 

Making auditing great again! Office 365

  • 1. SharePoint Saturday Belgium 2017 • October 21 • Brussels Track: IT PRO | Level: 200 Making auditing great again! Paul Hunt - MVP
  • 3. • Solutions Architect for Trustmarque • Co-organiser of SUGUK London Region • Member of the SharePoint community since 2007 • Third time Office Server & Services MVP in 2017 • Woodturner Who am I? • Paul Hunt • @Cimares • www.myfatblog.co.uk • www.trustmarque.com
  • 4. • Solutions Architect for Trustmarque • Co-organiser of SUGUK London Region • Member of the SharePoint community since 2007 • Third time Office Server & Services MVP in 2017 • Woodturner Who am I? • Paul Hunt • @Cimares • www.myfatblog.co.uk • www.trustmarque.com
  • 5. SharePoint Saturday Belgium 2017 • October 21 • Brussels Agenda The importance of records Office 365 Audit comparison SharePoint Site Collection auditing SharePoint Audit in the Unified Audit Log Extracting the Unified Audit Log
  • 6. The importance of records Beware of false knowledge; it is more dangerous than ignorance. George Bernard Shaw
  • 7. The importance of records “If I were to run, I’d run as a republican. They’re the dumbest group of voters in the country. They believe anything on fox News. I could lie and they’d still eat it up. I bet my numbers would be terrific” FALSE
  • 8. The importance of records • People magazine keep every copy of every magazine that has been printed. • There was no record of a 1998 interview. • No article printed in the 80s or 90s contain mention of the Republican party in articles about Donald Trump.
  • 9. The importance of records “Not a lot of people know that..” Michael Caine FALSE
  • 10. The importance of records • https://youtu.be/hY85a15n5QY • Peter Sellers apparently used this on his answering machine and repeated it in a Parkinson interview in the 70s. • Michael Caine has confirmed he never used the phrase until it was added as an in-joke to the film Educating Rita in 1983.
  • 11. GDPR – Helping to prove compliance • GDPR does not mandate auditing of data. • Audit data assists in proving compliance but does not make you compliant. • Helps to identify unauthorised data access
  • 12. You don’t need to audit everything! • Targeted auditing is easier: • To manage • To report on • To monitor • Auditing is pointless is you cannot interrogate and understand the data.
  • 13. Understanding your organisation’s audit needs is NOT an IT function! IT should facilitate, not drive the need for Audit.
  • 14. Audit everything is not a good option!
  • 15. SharePoint Saturday Belgium 2017 • October 21 • Brussels Audit availability in Office 365
  • 16. Auditing availability in Office 365 SharePoint Online Auditing • Configured per site collection • 90 day limit enforced (30 day minimum?) • Extracted automatically (if configured) • Can’t configure in EDGE! • Doesn’t record VIEW activities • OneDrive auditing difficult to manage. Office 365 Unified Audit • Broad spectrum of coverage (Beyond just SharePoint!) • 90 day limit • Manual/App based extraction • Doesn’t record LIST ITEM activities. (This includes changing DOCUMENT metadata!) • Integrates with ASM (E5)
  • 17. SharePoint Saturday Belgium 2017 • October 21 • Brussels SharePoint Site Collection Audit Configuration
  • 18. Configuring Site Collection Auditing • Configured on a per site collection basis. • Limited to a maximum of 90 days
  • 19. Configuring Site Collection Auditing • Configured on a per site collection basis. • Limited to a maximum of 90 days
  • 20. Audit log view link Classic team site Modern site /_layouts/15/Reporting.aspx?Category=Auditing
  • 21. Demo: SharePoint Site Collection Audit
  • 22. SharePoint Saturday Belgium 2017 • October 21 • Brussels Office 365 Unified Audit Configuration
  • 23. Unified Audit functionality in Office 365 • User Activity • SharePoint & OneDrive • Exchange Online (requires mailbox audit logging!) • Sway* • PowerBI • Teams (Not messages!) • Yammer* • Dynamics 365 • Flow (On it’s way!) • Admin Activity • Azure Active Directory • SharePoint Online • Exchange Online • Sway* • PowerBI • Teams • Yammer* • eDiscovery • Flow (On it’s way!) Note: This list is slowly being increased!
  • 24. Unified audit lag times Workload 30 Mins 24 Hours SharePoint Online and OneDrive for Business X Exchange Online X Azure Active Directory (User login events) X Azure Active Directory (admin events) X Sway X PowerBI X Yammer X Security & Compliance Centre (eDiscovery) X Teams X Dynamics 365 X Flow (When it arrives) X
  • 25. Turning on Unified O365 auditing • Sign in to Security & Compliance Centre. • Select Search & Investigation/Audit Log Search
  • 28. Searching the Unified Audit log - Filter & Export
  • 29. Demo: Configuring & Searching the O365 Unified Audit log
  • 30. Additional steps for Exchange • Connect using Exchange Online PowerShell Module.* • Set-mailbox “name” –AuditEnabled $true • Default Audit gives: *Now supports MFA & ADFS Admin Delegate Owner Update Update None Move MoveToDeletedItems SoftDelete SoftDelete HardDelete HardDelete FolderBind SendAs SendAs SendOnBehalf Create Create
  • 31. Audit actions available Action Admin Delegate Owner Copy Yes No No Create Yes* Yes* Yes FolderBind Yes* Yes** No HardDelete Yes* Yes* Yes MailboxLogin No No Yes*** MessageBind Yes No No Move Yes* Yes Yes MoveToDeleteItems Yes* Yes Yes SendAs Yes* Yes No SendOnBehalf Yes* Yes No SoftDelete Yes* Yes* Yes Update Yes* Yes* Yes Bind = Open or Read (including preview pane) * - Default action auditing when enabled. ** - Aggregated for a 24 hour period *** - Only applies to POP3/IMAP4 or Oauth logins. Does not track NTLM or Kerberos logins
  • 32. But I need more than 90 days worth of audit!
  • 33. SharePoint Saturday Belgium 2017 • October 21 • Brussels Extracting the O365 Unified Audit Log using the Management API
  • 34. Options for Extracting the Unified Audit log Pull method • Register your APP! • Register a collector subscription • Download a manifest file • Download content blobs listed in Manifest. • Process data into backend storage Push method • Register your APP! • Register a collector subscription • Register a WebHook • Content blob manifests are pushed to the Webhook. • Download content blobs when notified. • Process data into backend storage Note: Subscribed data is available for 7 days only!
  • 35. Registering Your APP ID in Azure AD. • Requires Web app/API configuration • And Tenant level permissions.
  • 36. Don’t forget to GRANT permissions
  • 37. Registering a collector subscription Available for 5 Content Types • Audit.AzureActiveDirectory • Audit.Exchange • Audit.SharePoint • Audit.General (Sway, Yammer etc) • DLP.All Notes: • When a subscription is registered, it can take up to 12 hours for the first content to be available. • DLP.All is only available to users with the “Read DLP Sensitive Data” permission.
  • 38. Retrieving the Blob Manifest • Returns a collection of JSON objects contentUri : https://manage.office.com/api/v1.0/d3c8c691-7321-4cc4-ac08-7c a6f05be84c/activity/feed/audit/20170809160530886001699$201708 09160530886001699$audit_sharepoint$Audit_SharePoint contentId : 20170809160530886001699$20170809160530886001699$audit_sharepo int$Audit_SharePoint contentType : Audit.SharePoint contentCreated : 2017-08-09T16:05:30.886Z contentExpiration : 2017-08-16T16:05:30.886Z
  • 39. Retrieving the Blob Content • Returns a collection of JSON objects CreationTime : 2017-08-15T10:30:58 Id : 93c5b9d0-f916-46d0-7a2f-08d4e3c8b7db Operation : FileUploaded OrganizationId : d3c8c691-7321-4cc4-ac08-7ca6f05be84c RecordType : 6 UserKey : i:0h.f|membership|10037ffe9e27c68a@live.com UserType : 0 Version : 1 Workload : SharePoint ClientIP : 52.169.28.217 ObjectId : https://wharfconsulting.sharepoint.com/sites/audit-test-c/Audit Samples/Prime Minister without Education and skills.txt UserId : joan.jett@wharf-media.co.uk EventSource : SharePoint ItemType : File ListId : 7db7d957-69fc-4c2d-b191-82868c1928be ListItemUniqueId : b081f0c2-f055-437f-b128-8666bead8ddd Site : ad4040da-0b0a-4059-958c-5f6c27d181e6 WebId : 97c2f404-3aa8-4efd-8e34-6736c3aefcec SourceFileExtension : txt SiteUrl : https://wharfconsulting.sharepoint.com/sites/audit-test-c/ SourceFileName : Prime Minister without Education and skills.txt SourceRelativeUrl : Audit Samples
  • 40. Where to put all that data?
  • 41. Gotchas! • Subscription content expires 7 days after collection. • Watch out for oAuth token expiry. • Beware the back-off command. MS will throttle excessive requests.
  • 42. Demo: Extracting the Unified Audit Log
  • 43. Reporting on your audit data from Azure SQL
  • 45. References • Office 365 Management Activity API Reference
  • 46. SharePoint Saturday Belgium 2017 • October 21 • Brussels Thank You!

Editor's Notes

  1. I also do woodturning, It’s cheaper than therapy!! SharePoint can be a lot like woodturning.. If you don’t pay attention to what you’re doing, it’s easy to make a mistake and go through the bottom of the bowl!
  2. Statements made in the past are often attributed to people, Politicians are a most excellent source of these examples. Donald Trump in an interview in People magazine is claimed to have made this statement. People magazines keep a copy of every magazine printed, none of which contain this statement. This is an example of audit history
  3. This supposed line became one of the most repeated “catch phrases” associated with Michael Caine… but he never uttered the words originally.. But the immortal line was uttered by Peter Sellers, when doing an impersonation of Michael Caine.
  4. The requirements for audit must come from the business. Audit Everything is not a solution! IT is a facilitator in this process
  5. That said, Office 365 pretty much does… but if we’re taking it offline, we just keep what we need.
  6. Note: 30 day minimum on SharePoint Online auditing.. I’m set to 5 days trimming, but seeing 30 days being actioned. This only changed in July this year so monitoring.
  7. Note: I’ve set it to 5 days, but I’m actually seeing the trim occur every 30 days in my tenant. Appears that the July change also enforced a minimum 30 days If you don’t specify a library, the data is deleted.
  8. Sway and Yammer auditing may not be available yet to all tenants. https://support.office.com/en-us/article/Detailed-properties-in-the-Office-365-audit-log-ce004100-9e7f-443e-942b-9b04098fcfc3
  9. Note: MS are in the process of turning on Audit by default.. But it’s not available yet!
  10. There’s a few options.. Download the logs from the Compliance centre.. Uses ADM (gives you 6 months) SCOM may let you extract (Need to verify) Office 365 Management API lets you extract data
  11. This goes back to our earlier comment on being able to search data. And don’t forget that GDPR will apply to this data too if it contains usernames (which it does..) You should only keep it for as long as you may need it.