Securing Office 365 with Activity Monitoring
Thank you for joining our webinar!
We will begin shortly.
Introduction
• ‘30 on Thursday’ Series
• Bi-weekly 30 minute webinar series
• Next Webinar:
• October 22: “Building Nintex Mobile Apps”
• Full Schedule: SharePoint.Protiviti.com/Webinars
Live Tweeting!
Tweet us your questions & feedback
during the webinar!
Tweet @ProtivitiSP and use
#30TOffice365
Today’s Session
• Today’s session is being recorded
• Archive of past sessions
• SharePoint.Protiviti.com/ArchivedWebinars
• Questions - Use the Question Window or tweet us your
questions @ProtivitiSP using #30TOffice365
Session Overview
• Topic:
• Securing Office 365 with Activity Monitoring
• Presenter:
• Antonio Maio, SharePoint MVP
• Moderator:
• Julia Marple, Protiviti
LET’S GET STARTED!
Why Monitor and Audit Our Systems?
• Meet Regulatory Compliance Obligations
• Investigate Data Breaches
• Audit Access to Sensitive Content
Office 365 Activity Monitoring Capabilities
1. Office 365 Activity Report
2. Comprehensive Event Logging
3. Search PowerShell Cmdlet
4. Management Activity API
1. Office 365 Activity Report
• Log in to Office 365
• Navigate to Admin > Compliance Center > Reports > Office 365 Activity Report
1. Office 365 Activity Report
• Search across SharePoint Online, OneDrive for Business, Exchange Online, Azure AD
• Search by users, file, folder, site, by date range
• Search by type of activity
• View Activity Details (Details Pane)
• Run Report on Demand
• Export results to CSV
1. Office 365 Activity Report
• With each event, up to 37 event properties are logged
• Actor
• ClientIP
• ClientProcessName
• CreationTime
• DestinationFileExtension
• DestinationFileName
• DestinationRelativeUrl
• EventSource
• ExternalAccess
• SourceFileName
• SourceRelativeUrl
• Subject
• Target
• UserAgent
• UserID
• UserKey
• UserSharedWith
• UserType
• Workload
• ID
• InternalLogonType
• ItemType
• LogonType
• MailboxGuid
• MailboxOwnerUPN
• ModifiedProperties
• ObjectID
• Operation
• OrganizationID
• Path
• Parameters
• RecordType
• ResultStatus
• SharingType
• Site
• SiteUrl
• SourceFileExtension
2. Comprehensive Event Logging
• User and administrator events are logged as users work within Office 365
• Over 150 events logged (e.g. view a file, mailbox owner activities, Azure AD login, etc.)
• 9 Event Categories
• Exchange admin events
• Exchange mailbox events
• File and folder events (SharePoint and OneDrive for Business)
• Invitation and access request events (SharePoint and OneDrive for Business)
• Sharing events (SharePoint and OneDrive for Business)
• Site administration events (SharePoint and OneDrive for Business)
• Synchronization events (SharePoint and OneDrive for Business)
• Azure Active Directory events (Admin Activity and User Login)
2. Comprehensive Event Logging
• Example: File and Folder Events
Event | Friendly name | Description
FileCheckedIn | File checked in | User checks in a document that they checked out from a SharePoint or OneDrive for Business document library.
FileCheckedOut | File checked out | User checks out a document located in a SharePoint or OneDrive for Business document library. Users can check out and make changes to documents that have been shared with them.
FileCheckOutDiscarded | File checkout discarded | User discards (or undoes) a checked-out file. That means any changes they made to the file when it was checked out are discarded, and not saved to the version of the document in the document library.
FileCopied | File copied | User copies a document from a SharePoint or OneDrive for Business site. The copied file can be saved to another folder on the site.
FileDeleted | File deleted | User deletes a document from a SharePoint or OneDrive for Business site.
FileDownloaded | File downloaded | User downloads a document from a SharePoint or OneDrive for Business site.
FileFetched | File accessed | User or system account accesses a file. When a user or the system performs an operation on a file, the file has to be located and accessed. The FileFetched event indicates that retrieval action. Note that many file and folder related events will have one or more corresponding FileFetched log entries.
FileModified | File modified | User or system account modifies the content or the properties of a document located on a SharePoint or OneDrive for Business site.
FileMoved | File moved | User moves a document from its current location on a SharePoint or OneDrive for Business site to a new location.
FileRenamed | File renamed | User renames a document on a SharePoint or OneDrive for Business site.
FileRestored | File restored | User restores a document from the recycle bin of a SharePoint or OneDrive for Business site.
FileUploaded | File uploaded | User uploads a document to a folder on a SharePoint or OneDrive for Business site.
FileViewed | File viewed | User views a document on a SharePoint or OneDrive for Business site. System accounts can also generate FileViewed events.
2. Comprehensive Event Logging
• Example: Sharing Events
Event | Friendly name | Description
ExternalSharingSet | File or folder shared with external user | User shares a file or folder located in SharePoint or OneDrive for Business with a user outside their organization.
SharedLinkCreated | Sharing link created | User creates a link to a shared file in SharePoint or OneDrive for Business. This link can be sent to other people to give them access to the file. A user can create two types of links: a link that allows a user to view and edit the shared file, or a link that allows the user to just view the file.
SharedLinkDisabled | Sharing link disabled | User disables (permanently) a link that was created to share a file.
SharingRevoked | File or folder unshared | User unshares a file or folder that was previously shared with other users. This event is logged when a user stops sharing a file with other users.
SharingSet | File or folder shared | User shares a file or folder located in SharePoint or OneDrive for Business with another user inside their organization.
3. Search PowerShell Cmdlet
• PowerShell Cmdlet: Search-UnifiedAuditLog
Examples:
Search-UnifiedAuditLog -StartDate "September 1, 2015" -EndDate "September 30, 2015"
Search-UnifiedAuditLog -StartDate 9/1/2015 -EndDate 9/30/2015 -RecordType SharePointFileOperation -Operations FileViewed -ObjectIds docx
• Script searches of the event logs, looking for specific details
• Export logs to a file
• Automate searches and reporting
4. Management Activity API (*Limited Preview)
• Integrate Office 365 activity data into internal or 3rd party security and compliance monitoring and reporting solutions
• Grant rights for your application to access event data using Azure AD
  Register the application in Azure AD to establish an identity for your application and specify the permission levels it needs in order to access the APIs
• Let the Office 365 service know if your application has rights to access it
  Office 365 tenant admin must explicitly grant consent to allow your application to access their tenant data through the APIs.
• Request Access Tokens from Azure AD
  Using the application’s credentials (as in Azure AD) the application will request “app-only” access tokens for a consented tenant on an ongoing basis, without the need for further tenant admin interaction.
• Start Calling the Management API
  Subscribe to content types; Receive notifications when content is available; Retrieve content as JSON
*During the limited preview period only registered participants may actually retrieve data through the API.
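The records that the Management Activity API returns as JSON, like the results of scripted Search-UnifiedAuditLog searches, can be correlated across the file and sharing events listed earlier. The following Python triage is an added example, not part of the original slides: the sample records are constructed, property names follow the slide's list and are matched case-insensitively, and the pairing of revoke events with share events is an assumption.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Operation names come from the page's file and sharing event tables.
# Assumption of this example: SharingRevoked closes an ExternalSharingSet and
# SharedLinkDisabled closes a SharedLinkCreated on the same object.
OPENS = {"ExternalSharingSet": "external-share", "SharedLinkCreated": "link"}
CLOSES = {"SharingRevoked": "external-share", "SharedLinkDisabled": "link"}

# Constructed sample records (not real tenant data); hosts, users and IPs are placeholders.
SAMPLE = """[
 {"CreationTime":"2015-09-14T09:00:00","Operation":"SharedLinkCreated",
  "UserID":"alice@example.com","ObjectID":"https://tenant.example/sites/fin/q3.xlsx","ClientIP":"198.51.100.7"},
 {"CreationTime":"2015-09-14T09:05:00","Operation":"ExternalSharingSet",
  "UserID":"alice@example.com","ObjectID":"https://tenant.example/sites/fin/plan.docx","ClientIP":"198.51.100.7"},
 {"CreationTime":"2015-09-14T09:20:00","Operation":"FileDownloaded",
  "UserID":"bob@example.com","ObjectID":"https://tenant.example/sites/fin/q3.xlsx","ClientIP":"203.0.113.9"},
 {"CreationTime":"2015-09-14T09:21:00","Operation":"FileDownloaded",
  "UserID":"bob@example.com","ObjectID":"https://tenant.example/sites/fin/plan.docx","ClientIP":"203.0.113.9"},
 {"CreationTime":"2015-09-14T09:22:00","Operation":"FileDownloaded",
  "UserID":"bob@example.com","ObjectID":"https://tenant.example/sites/fin/notes.docx","ClientIP":"203.0.113.9"},
 {"CreationTime":"2015-09-14T10:00:00","Operation":"SharingRevoked",
  "UserID":"alice@example.com","ObjectID":"https://tenant.example/sites/fin/plan.docx","ClientIP":"198.51.100.7"},
 {"CreationTime":"2015-09-14T10:30:00","Operation":"FileDownloaded",
  "UserID":"carol@example.com","ObjectID":"https://tenant.example/sites/fin/plan.docx","ClientIP":"203.0.113.40"}
]"""


def load_records(json_text):
    """Parse a JSON array of audit records, lower-case the keys, sort by time."""
    records = []
    for raw in json.loads(json_text):
        rec = {key.lower(): value for key, value in raw.items()}
        # Keep only the seconds-resolution prefix so a trailing "Z" or fraction is ignored.
        rec["when"] = datetime.strptime(rec["creationtime"][:19], "%Y-%m-%dT%H:%M:%S")
        records.append(rec)
    return sorted(records, key=lambda r: r["when"])


def exposure_report(records):
    """Return (still_open, downloads_while_exposed) for time-ordered records.

    still_open maps each object to the share kinds never closed and who opened them;
    downloads_while_exposed lists FileDownloaded records seen while a share was open.
    """
    open_now = defaultdict(dict)
    hits = []
    for rec in records:
        op, obj = rec["operation"], rec["objectid"]
        if op in OPENS:
            open_now[obj][OPENS[op]] = rec["userid"]
        elif op in CLOSES:
            open_now[obj].pop(CLOSES[op], None)
        elif op == "FileDownloaded" and open_now.get(obj):
            hits.append(rec)
    still_open = {obj: kinds for obj, kinds in open_now.items() if kinds}
    return still_open, hits


def bulk_downloaders(records, threshold=3, window=timedelta(minutes=5)):
    """Return {user: peak FileDownloaded count in any sliding window} at or above threshold."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for rec in records:
        if rec["operation"] != "FileDownloaded":
            continue
        times = recent[rec["userid"]]
        times.append(rec["when"])
        while rec["when"] - times[0] > window:
            times.popleft()
        peak[rec["userid"]] = max(peak[rec["userid"]], len(times))
    return {user: count for user, count in peak.items() if count >= threshold}


if __name__ == "__main__":
    recs = load_records(SAMPLE)
    still_open, hits = exposure_report(recs)
    for obj, kinds in still_open.items():
        print("still exposed:", obj, kinds)
    for rec in hits:
        print("downloaded while exposed:", rec["when"], rec["userid"], rec["clientip"], rec["objectid"])
    print("bulk downloaders:", bulk_downloaders(recs))
```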
In Summary
• Activity Monitoring/Reporting is just 1 aspect of Securing Information Systems
• Key Drivers for Monitoring Activity and Auditing our Systems:
• Enhance Compliance with Regulatory Standards
• Enhance Access Control and Visibility into User Activity related to Content
• Enable Detailed Investigations
• Provides deep visibility into user activity & integration with internal/3rd party tools
• SharePoint Online, OneDrive for Business, Exchange Online and Azure AD
• Accessed through the Office 365 Compliance Center
• Some reports are also accessed through Exchange Audit Reports and Azure AD Audit Reports
*Slides will be available on my blog at www.trustsharepoint.com.
Questions
Antonio Maio
Antonio.Maio@protiviti.com
@AntonioMaio2
SharePoint.Protiviti.com/Webinars
Julia Marple
Julia.Marple@protiviti.com
@ProtivitiSP
Thank You!

More Related Content

Viewers also liked

Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Edge Pereira
 
FireEye Systems Engineer
FireEye Systems EngineerFireEye Systems Engineer
FireEye Systems EngineerDediHusniHasyim
 
[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by AttackersFireEye, Inc.
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
 
Email Security Best Practices
Email Security Best PracticesEmail Security Best Practices
Email Security Best PracticesKnowBe4
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksImperva
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 

Viewers also liked (11)

Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
 
FireEye Systems Engineer
FireEye Systems EngineerFireEye Systems Engineer
FireEye Systems Engineer
 
[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 
Email Security Best Practices
Email Security Best PracticesEmail Security Best Practices
Email Security Best Practices
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
Fire Eye Appliance Quick Start
Fire Eye Appliance Quick StartFire Eye Appliance Quick Start
Fire Eye Appliance Quick Start
 
FireEye
FireEyeFireEye
FireEye
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 

More from AntonioMaio2

Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityAntonioMaio2
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
 
A beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell   antonio maioA beginners guide to administering office 365 with power shell   antonio maio
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
 
Office 365 Security - MacGyver, Ninja or Swat team
Office 365 Security -  MacGyver, Ninja or Swat teamOffice 365 Security -  MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat teamAntonioMaio2
 
Information security in office 365 a shared responsibility - antonio maio
Information security in office 365   a shared responsibility - antonio maioInformation security in office 365   a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioAntonioMaio2
 
Office 365 security new innovations from microsoft ignite - antonio maio
Office 365 security   new innovations from microsoft ignite - antonio maioOffice 365 security   new innovations from microsoft ignite - antonio maio
Office 365 security new innovations from microsoft ignite - antonio maioAntonioMaio2
 
Identity management challenges when moving share point to the cloud antonio...
Identity management challenges when moving share point to the cloud   antonio...Identity management challenges when moving share point to the cloud   antonio...
Identity management challenges when moving share point to the cloud antonio...AntonioMaio2
 
A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013AntonioMaio2
 
Best practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013   publishedBest practices for security and governance in share point 2013   published
Best practices for security and governance in share point 2013 publishedAntonioMaio2
 
Keeping SharePoint Always On
Keeping SharePoint Always OnKeeping SharePoint Always On
Keeping SharePoint Always OnAntonioMaio2
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013AntonioMaio2
 
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...AntonioMaio2
 
Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013AntonioMaio2
 
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013AntonioMaio2
 
SharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the CloudSharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the CloudAntonioMaio2
 
Share point security 101 sps-ottawa 2012 - antonio maio
Share point security 101   sps-ottawa 2012 - antonio maioShare point security 101   sps-ottawa 2012 - antonio maio
Share point security 101 sps-ottawa 2012 - antonio maioAntonioMaio2
 
Webinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint SecurityWebinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint SecurityAntonioMaio2
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioAntonioMaio2
 

More from AntonioMaio2 (19)

Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + Security
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
 
A beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell   antonio maioA beginners guide to administering office 365 with power shell   antonio maio
A beginners guide to administering office 365 with power shell antonio maio
 
Office 365 Security - MacGyver, Ninja or Swat team
Office 365 Security -  MacGyver, Ninja or Swat teamOffice 365 Security -  MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat team
 
Information security in office 365 a shared responsibility - antonio maio
Information security in office 365   a shared responsibility - antonio maioInformation security in office 365   a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maio
 
Office 365 security new innovations from microsoft ignite - antonio maio
Office 365 security   new innovations from microsoft ignite - antonio maioOffice 365 security   new innovations from microsoft ignite - antonio maio
Office 365 security new innovations from microsoft ignite - antonio maio
 
Identity management challenges when moving share point to the cloud antonio...
Identity management challenges when moving share point to the cloud   antonio...Identity management challenges when moving share point to the cloud   antonio...
Identity management challenges when moving share point to the cloud antonio...
 
A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013
 
Best practices for security and governance in share point 2013 published
Best practices for security and governance in share point 2013   publishedBest practices for security and governance in share point 2013   published
Best practices for security and governance in share point 2013 published
 
Keeping SharePoint Always On
Keeping SharePoint Always OnKeeping SharePoint Always On
Keeping SharePoint Always On
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
 
Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013
 
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
 
Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013
 
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
 
SharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the CloudSharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the Cloud
 
Share point security 101 sps-ottawa 2012 - antonio maio
Share point security 101   sps-ottawa 2012 - antonio maioShare point security 101   sps-ottawa 2012 - antonio maio
Share point security 101 sps-ottawa 2012 - antonio maio
 
Webinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint SecurityWebinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint Security
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio Maio
 

Recently uploaded

一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理egfdgfd
 
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样rgdasda
 
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理Fir
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样A
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxChloeMeadows1
 
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理Fir
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样Fi
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appscristianmanaila2
 
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书rgdasda
 
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样asdafd
 
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...Mumbai Escorts
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...musaddumba454
 
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...Mumbai Escorts
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理A
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsrahman018755
 
一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理gfhdsfr
 
AI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model GeneratorAI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model Generator3DailyAI1
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirtrahman018755
 
一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理
一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理
一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理Fir
 
The Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfThe Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfe-Market Hub
 

Recently uploaded (20)

一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(UofT毕业证书)如何办理
 
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
 
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of apps
 
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
 
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
 
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
 
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirts
 
一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理
一比一原版(Cranfield毕业证书)英国克兰菲尔德大学毕业证如何办理
 
AI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model GeneratorAI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model Generator
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirt
 
一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理
一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理
一比一原版(PSU毕业证书)美国宾州州立大学毕业证如何办理
 
The Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfThe Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdf
 

Securing Office 365 with Activity Monitoring

  • 1. Securing Office 365 with Activity Monitoring Thank you for joining our webinar! We will begin shortly.
  • 2. Introduction • ‘30 on Thursday’ Series • Bi-weekly 30 minute webinar series • Next Webinar: • October 22: “Building Nintex Mobile Apps” • Full Schedule: SharePoint.Protiviti.com/Webinars
  • 3. Live Tweeting! Tweet us your questions & feedback during the webinar! Tweet @ProtivitiSP and use #30TOffice365
  • 4. Today’s Session • Today’s session is being recorded • Archive of past sessions • SharePoint.Protiviti.com/ArchivedWebinars • Questions - Use the Question Window or tweet us your questions @ProtivitiSP using #30TOffice365
  • 5. Session Overview • Topic: • Securing Office 365 with Activity Monitoring • Presenter: • Antonio Maio, SharePoint MVP • Moderator: • Julia Marple, Protiviti
  • 7. Why Monitor and Audit Our Systems? • Meet Regulatory Compliance Obligations • Investigate Data Breaches • Audit Access to Sensitive Content
  • 8. Office 365 Activity Monitoring Capabilities 1. Office 365 Activity Report 2. Comprehensive Event Logging 3. Search Powershell Cmdlet 4. Management Activity API
  • 9. 1. Office 365 Activity Report • Login to Office 365 • Navigate to Admin > Compliance Center > Reports > Office 365 Activity Report
  • 10. 1. Office 365 Activity Report • Search across SharePoint Online, OneDrive for Business, Exchange Online, Azure AD • Search by users, file, folder, site, by date range • Search by type of activity • View Activity Details (Details Pane) • Run Report on Demand • Export results to CSV
  • 11. 1. Office 365 Activity Report • With each event, up to 37 event properties are logged • Actor • ClientIP • ClientProcessName • CreationTime • DestinationFileExtension • DestinationFileName • DestinationRelativeUrl • EventSource • ExternalAccess • SourceFileName • SourceRelativeUrl • Subject • Target • UserAgent • UserID • UserKey • UserSharedWith • UserType • Workload • ID • InternalLogonType • ItemType • LogonType • MailboxGuid • MailboxOwnerUPN • ModifiedProperties • ObjectID • Operation • OrganizationID • Path • Parameters • RecordType • ResultStatus • SharingType • Site • SiteUrl • SourceFileExtension
  • 12. 2. Comprehensive Event Logging • User and administrator events are logged as users work within Office 365 • Over 150 events logged (e.g., view a file, mailbox owner activities, Azure AD login, etc.) • 9 Event Categories • Exchange admin events • Exchange mailbox events • File and folder events (SharePoint and OneDrive for Business) • Invitation and access request events (SharePoint and OneDrive for Business) • Sharing events (SharePoint and OneDrive for Business) • Site administration events (SharePoint and OneDrive for Business) • Synchronization events (SharePoint and OneDrive for Business) • Azure Active Directory events (Admin Activity and User Login)
  • 13. 2. Comprehensive Event Logging • Example: File and Folder Events

    | Event | Friendly name | Description |
    |---|---|---|
    | FileCheckedIn | File checked in | User checks in a document that they checked out from a SharePoint or OneDrive for Business document library. |
    | FileCheckedOut | File checked out | User checks out a document located in a SharePoint or OneDrive for Business document library. Users can check out and make changes to documents that have been shared with them. |
    | FileCheckOutDiscarded | File checkout discarded | User discards (or undoes) a checked out file. That means any changes they made to the file when it was checked out are discarded, and not saved to the version of the document in the document library. |
    | FileCopied | File copied | User copies a document from a SharePoint or OneDrive for Business site. The copied file can be saved to another folder on the site. |
    | FileDeleted | File deleted | User deletes a document from a SharePoint or OneDrive for Business site. |
    | FileDownloaded | File downloaded | User downloads a document from a SharePoint or OneDrive for Business site. |
    | FileFetched | File accessed | User or system account accesses a file. When a user or the system performs an operation on a file, the file has to be located and accessed. The FileFetched event indicates that retrieval action. Note that many file and folder related events will have one or more corresponding FileFetched log entries. |
    | FileModified | File modified | User or system account modifies the content or the properties of a document located on a SharePoint or OneDrive for Business site. |
    | FileMoved | File moved | User moves a document from its current location on a SharePoint or OneDrive for Business site to a new location. |
    | FileRenamed | File renamed | User renames a document on a SharePoint or OneDrive for Business site. |
    | FileRestored | File restored | User restores a document from the recycle bin of a SharePoint or OneDrive for Business site. |
    | FileUploaded | File uploaded | User uploads a document to a folder on a SharePoint or OneDrive for Business site. |
    | FileViewed | File viewed | User views a document on a SharePoint or OneDrive for Business site. System accounts can also generate FileViewed events. |
  • 14. 2. Comprehensive Event Logging • Example: Sharing Events

    | Event | Friendly name | Description |
    |---|---|---|
    | ExternalSharingSet | File or folder shared with external user | User shares a file or folder located in SharePoint or OneDrive for Business with a user outside their organization. |
    | SharedLinkCreated | Sharing link created | User creates a link to a shared file in SharePoint or OneDrive for Business. This link can be sent to other people to give them access to the file. A user can create two types of links: a link that allows a user to view and edit the shared file, or a link that allows the user to just view the file. |
    | SharedLinkDisabled | Sharing link disabled | User disables (permanently) a link that was created to share a file. |
    | SharingRevoked | File or folder unshared | User unshares a file or folder that was previously shared with other users. This event is logged when a user stops sharing a file with other users. |
    | SharingSet | File or folder shared | User shares a file or folder located in SharePoint or OneDrive for Business with another user inside their organization. |
  • 15. 3. Search PowerShell Cmdlet • PowerShell Cmdlet: Search-UnifiedAuditLog • Examples:
        Search-UnifiedAuditLog -StartDate "September 1, 2015" -EndDate "September 30, 2015"
        Search-UnifiedAuditLog -StartDate 9/1/2015 -EndDate 9/30/2015 -RecordType SharePointFileOperation -Operations FileViewed -ObjectIds docx
    • Script searches of the event logs, looking for specific details • Export logs to a file • Automate searches and reporting
  • 16. 4. Management Activity API (*Limited Preview) • Integrate Office 365 activity data into internal or 3rd party security and compliance monitoring and reporting solutions
    • Grant rights for your application to access event data using Azure AD: Register the application in Azure AD to establish an identity for your application and specify the permission levels it needs in order to access the APIs.
    • Let the Office 365 service know if your application has rights to access it: Office 365 tenant admin must explicitly grant consent to allow your application to access their tenant data through the APIs.
    • Request Access Tokens from Azure AD: Using the application’s credentials (as in Azure AD) the application will request “app-only” access tokens for a consented tenant on an ongoing basis, without the need for further tenant admin interaction.
    • Start Calling the Management API: Subscribe to content types; receive notifications when content is available; retrieve content as JSON.
    *During the limited preview period only registered participants may actually retrieve data through the API.
  • 17. In Summary • Activity Monitoring/Reporting is just 1 aspect of Securing Information Systems • Key Drivers for Monitoring Activity and Auditing our Systems: • Enhance Compliance with Regulatory Standards • Enhance Access Control and Visibility into User Activity related to Content • Enable Detailed Investigations • Provides deep visibility into user activity & integration with internal/3rd party tools • SharePoint Online, OneDrive for Business, Exchange Online and Azure AD • Accessed through the Office 365 Compliance Center • Some reports are also accessed through Exchange Audit Reports and Azure AD Audit Reports *Slides will be available on my blog at www.trustsharepoint.com.
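
Once audit content has been retrieved as JSON through the Management Activity API (slide 16), it can be triaged against the event names from the file and sharing tables (slides 13 and 14). This is an added example, not code from the presentation or from Microsoft. It drops the `FileFetched` retrieval entries, lists sharing events worth reviewing, and flags users with a burst of `FileDownloaded` events. The sample records are constructed; the `UserId` field casing, the 10-minute window and the threshold of 3 are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

SHARING_TO_REVIEW = {"ExternalSharingSet", "SharedLinkCreated"}  # Sharing Events slide
NOISE = {"FileFetched"}  # retrieval entries that accompany other file events

def _rec(time, user, op, name):
    # Helper for the constructed sample below; not part of any API.
    return {"CreationTime": f"2015-10-08T{time}", "UserId": user,
            "Operation": op, "SourceFileName": name, "Workload": "SharePoint"}

# Constructed sample standing in for one retrieved JSON content blob.
SAMPLE_CONTENT = json.dumps([
    _rec("14:00:00", "alice@example.com", "FileFetched", "a.docx"),
    _rec("14:00:05", "alice@example.com", "FileDownloaded", "a.docx"),
    _rec("14:02:00", "alice@example.com", "FileDownloaded", "b.docx"),
    _rec("14:06:30", "alice@example.com", "FileDownloaded", "c.docx"),
    _rec("14:07:00", "alice@example.com", "ExternalSharingSet", "plan.xlsx"),
    _rec("09:00:00", "bob@example.com", "FileDownloaded", "d.docx"),
    _rec("11:30:00", "bob@example.com", "FileDownloaded", "e.docx"),
    _rec("11:31:00", "bob@example.com", "FileDownloaded", "f.docx"),
    _rec("11:35:00", "bob@example.com", "SharingSet", "notes.docx"),
])

def triage(content_json, threshold=3, window=timedelta(minutes=10)):
    """Return (shares_to_review, bulk_downloaders) for a JSON array of audit records."""
    records = [r for r in json.loads(content_json) if r["Operation"] not in NOISE]
    shares = sorted((r["CreationTime"], r["UserId"], r["Operation"], r["SourceFileName"])
                    for r in records if r["Operation"] in SHARING_TO_REVIEW)
    downloads = defaultdict(list)
    for r in records:
        if r["Operation"] == "FileDownloaded":
            downloads[r["UserId"]].append(datetime.fromisoformat(r["CreationTime"]))
    bulk = set()
    for user, times in downloads.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                bulk.add(user)
    return shares, sorted(bulk)

if __name__ == "__main__":
    shares, bulk = triage(SAMPLE_CONTENT)
    print("sharing events to review:", shares)
    print("bulk downloaders:", bulk)
```

Internal `SharingSet` events are deliberately not listed; add them to `SHARING_TO_REVIEW` if internal over-sharing is also in scope.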