Online all the time, anywhere with anything
Call Us: +46 8 50003170

Audit logs Office 365

The number of security features in Office 365 is growing, one of the cool features we at NetIntegrate have been implementing lately is logging and alerts. To fully be able to setup the alerts you do need Office 365 E5 plan.The feature is administered from the Security & Compliance Admin Center, that can be reached from the Office 365 admin portal. The Security & Compliance Admin Center have as some of the other portals a link by itself.

The alerts is built on policies that the administrator has to setup. in order to be fluent in setting the policies you have to be experienced with the structure of Office 365 components. It is vital to have SharePoint experience as many of the activities that can be logged are based from SharePoint. We at NetIntegrate are already today co-working with Microsoft partners on SharePoint. If you have a partner that is not experienced with SharePoint you can have them contact us.

The policies for alerts are built like this

  • Activity to be monitored, such as deleting files/folders or sharing a file outside of the organisation.
  • Condition for the activity, such as if the alert is triggered if a certain or all users perform the activity. The number of options is dependent on the activivity.
  • Alert threshold, the number of alerts that need to be triggered before an alert is sent.
  • Alert category are these Data governance, Data loss protection, Permissions and Threat management
  • Alert severity is either low, medium or high.
  • Email notifications is who will receive these alerts.

If you don´t have the E5 license you only get the options to setup the activity and the email notifications. That is a good start and can be together with the Audit log search be a good start in monitoring your users activity and behavior. These possibilities for governing the data will be needed for the GDPR, I guess you are now aware of the regulation for data privacy of European citizens. In order to be able to setup policies you have to start logging in the admin center.

The options of governing will be a series of posts on my blog during the summer so stay tuned. I have a plan for all posts until end of July, the posts will be written during the next 2 weeks and scheduled to be released on schedule. For newcomers to my blog I can tell you that new posts are available every Sunday at 3 p.m. local Swedish time, for many of us the workweek starts on Sunday afternoon/evening.