Exceeding the Office 365 Audit Log with More Visibility into Activity

Since any action, whether it’s a change to SharePoint Online permissions or a user accessing another user’s mailbox, can put the security of your critical assets at risk or result in compliance failures, you need to continuously track activity in your Office 365 audit log. But manually digging into the audit logs in Office 365 is difficult and time-consuming. Moreover, you may be unable to spot instances of aberrant activity, and you’ll waste precious time putting together human-readable reports. Plus, you may be unable to provide evidence that you are storing your audit log securely. Is there a way you can improve your Office 365 security, simplify reporting and pass audits with less stress?

Reviewing Office 365 admin and user activity with the native audit log

The Office 365 audit log and reports can help you improve security because they capture user activity. For example, you can review the Office 365 admin audit log for privilege abuse: native audit logging in the Office 365 Security and Compliance Center lets you keep an eye on both user and admin activity. However, you’ll have to work around several significant limitations:

  • It’s hard to dig out the details you need to address possible risks efficiently because the search capability provided by the built-in Office 365 audit log has limited filtering options.
  • There are only a few predefined audit log reports on Office 365 activity, so you’ll have to spend valuable time fine-tuning the reports with the help of the search function.
  • There’s no report subscription function, so you have to manually export specific audit data into Excel and massage it in order to present auditors or managers with the information they require in a readable format.
  • Be ready to continuously export your audit log to save it for later use, because the Security and Compliance Center does not provide any storage options. This not only adds to your workload; it also complicates finding data from the past whenever an auditor has questions or you have to perform in-house investigations.

Overcoming the limitations of the native Office 365 audit log with Netwrix Auditor

Netwrix Auditor for Office 365 helps you keep an eye on activity across your Office 365 environment by collecting and analyzing Office 365 Exchange logs, SharePoint logs and OneDrive for Business logs, and then converting this information into security intelligence and providing detailed, easy-to-read Office 365 activity reports. With Netwrix Auditor, you will:

  • Slash the time you spend on the detection and remediation of risky actions and on compliance preparation. The solution includes a broad spectrum of ready-to-use predefined reports that provide easy-to-read, insightful information — not raw log data.
  • Simplify reporting by subscribing yourself or auditors to the reports each of you needs. The reports will be automatically generated and delivered on the schedule you specify.
  • Quickly identify threats and investigate aberrant activity with the Interactive Search feature.
  • Be the first to know about any activity you deem critical with custom alerts that you fine-tune to your specific environment. It’s easy; you can even set up a specific alert right from your search query.
  • Keep your consolidated Office 365 Exchange logs, as well as SharePoint and OneDrive for Business logs, securely for over 10 years in cost-effective two-tiered storage (SQL database + file-based), while still having easy access to them during audit checks or security investigations.

Office 365 activity report by Netwrix Auditor