The Complete Guide to Ransomware [Updated for 2022] Download eBook

How Office 365 Audit Logging Can Improve Your Security

Jason Coggins
| 4 min read| Updated On - June 22, 2020

Every year, increased cloud adoption rates suggest that the overall trust that users have in cloud-based platforms are increasing. This means that more and more organizations in key sectors, such as finance, healthcare and education, are storing sensitive information in the cloud and trusting that it will be secure. However, security controls and visibility into key changes taking place simply isn’t at the same level as some similar on-premise platforms.

These issues can be resolved in a number of ways, and audit logging using Office 365 is one critical and effective way of doing this. In this article we will go through what audit logging is in relation to Office 365, why it is important and how you can do it. Then we will offer an alternative solution to make the whole process that bit easier.

What is Audit Logging in Office 365?

Office 365 audit logs capture events that are happening in Exchange, SharePoint, Azure AD, Yammer, PowerBI and Sway. Once enabled, all critical actions that could have serious security implications are recorded by the platform. Such actions could include logins, password resets and any copying, moving or modifying of critical files and folders. For a more comprehensive list of exactly what information you can record, click here.

It doesn’t stop with simply recording events though. Through Office 365 you can set alerts so that you are immediately aware of actions you deem to be suspicious. For example, numerous failed login attempts, or multiple file downloads occurring over a short period of time.

Why is Office 365 Audit Logging Useful for Security?

Audit logging in Office 365 is useful from both a security and compliance perspective. Most organizations, especially those in finance, healthcare and education, will be covered by numerous compliance requirements that mandate strict data access governance. These mandates often require you to know immediately whenever any changes take place to critical data.

From a security standpoint, being able to set alerts for suspicious activity means you will speed up your investigation and response times when you detect a potential data breach waiting to happen. Correct use of audit logging enables you to get an idea of the behaviour of your users, what they have access to and whether you are giving a user elevated privilege.

How Do You Enable Office 365 Audit Logging?

This is a fairly simple process:

  1. An Administrator will need to go to the “Office 365 Security and Compliance Center” and enable audit logs.
  2. On the “Audit Log Search” page, click “Start recording user and admin activity”.
  3. For Exchange Online, there is a separate process to set up mailbox auditing which can be found here.
  4. Next, you can assign permissions to view the audit logs. This can be done in the “Exchange Admin Center”. The two options are “View-Only Audit Logs” and “Audit Logs”. Be wary who you give full permission to but bare in mind that alerts can only be sent to those users who hold either of these two permission values.
  5. To set up alerts, go to the “Security & Compliance Center” and then click “Audit Log Search”. From here, click “+Create an Alert” and follow the steps.

Is There a Better Way to Audit Office 365?

Well, we wouldn’t be in business if there wasn’t!

Office 365 auditing solutions, like Lepide Data Security Platform, enable you to get detailed and actionable information on changes taking place within Exchange Online, SharePoint Online, Azure AD and OneDrive for Business and overcome many of the limitations of native Office 365 auditing.

One such limitation of native auditing is that it only allows you to store the audit logs for 90 days. This means that constant manual review of the logs is necessary and investigations into historic incidents simply can’t take place. With Lepide Data Security Platform, audit trails are stored for years and are easily searchable, sortable and filterable so that you can get all the information you need.

Alerts and reports on Office 365 changes can be set up, and the solution also comes with pre-set reports designed to help meet numerous security and compliance challenges. It gives answers to the who, what, when and where auditing questions in a simple, friendly, easy-to-use dashboard. To see more, click here.

Jason Coggins

Jason Coggins came to Lepide directly from the UK government security services, and now leads the UK & EU sales team at Lepide. Based in Lepide’s UK office, Jason has a practical and ‘hands-on’ approach to introducing Lepide to customers and channel partners globally.

Popular Blog Posts