Staying Abreast of Office 365 Login History

Cloud technologies offer big benefits, but they also come with serious security threats. You need proper controls in place to protect the confidentiality and integrity of the data you store in the cloud, both for your own security and to comply with regulatory controls. In fact, to ensure continuous security and compliance of your Office 365 environment, you need the same level of control over it as you have over your on-premises AD, Exchange or SharePoint. Keeping an eye on both Office 365 login history and change history is especially important.

Keeping an Office 365 login audit trail with native tools

In addition to monitoring Office 365 login history, you need to be able to store and access your Office 365 login audit trail for years. However, providing evidence to an auditor or your manager that you have proper control over Office 365 user logon activity is difficult using the predefined reports available in the Office 365 Security & Compliance Center. So is investigating security incidents. Here are a few reasons why:

• The built-in data retention period is pretty short. With the free Azure AD subscription included in your paid Office 365 subscription plan, you can track activity for only 7 days. If you don’t want to lose visibility into user access to Office 365 that happened earlier and you need to be able to create user login reports, you have to constantly export the data and store it elsewhere.
• The audit log search capability available for Office 365 users has limited filtering options, which makes digging deeper into suspicious logon activity difficult.

Retaining and Reporting on Office 365 user login history with Netwrix Auditor

Netwrix Auditor enables you to track your current Office 365 user login history for months and store the audit data for years in secure two-tiered storage. This empowers faster reporting on historic data and easy investigation of past incidents, with no need to export data into Excel spreadsheets and spend hours poring over it. Netwrix Auditor for Azure AD includes a predefined Office 365 user login report that makes it easy to detect and review suspicious activity, while the built-in Google-like search capability enables you to dig into the details of an incident or quickly address any specific questions from auditors.
You can even save your search criteria to get faster access to detailed security intelligence that might be required for future investigations or audits. You can also get alerts on specific access events that are of particular concern to you. Moreover, Netwrix Auditor comes with Office 365 audit reports that are already mapped to the requirements of the most common compliance standards, saving you tons of time and effort preparing for compliance audits.

Azure AD Logon Activity report from Netwrix Auditor: Action, Who and When