Last Updated on July 14, 2020 by Satyendra
Office 365 is a feature-rich, cloud-based solution that offers email, instant messaging, file-storage, file-sharing, and a lot more. Office 365 makes it easier for employees to work remotely and facilitates better collaboration on projects.
Using a cloud-based service will ensure that you always have the most up-to-date software, and that patches are installed in a timely manner to protect against security vulnerabilities. Additionally, there are many useful security features, such as email encryption and remote wiping (should an employee’s device get lost or stolen), and it uses advanced analytics and machine learning to help detect and alert on suspicious user behaviour. It can even scan emails for malicious links and attachments and block suspected emails from infiltrating the organization’s network perimeters.
Many organizations are not aware that Office 365 provides a wealth of log data that contains detailed information about events relating to access privileges, end-points, file-changes, file-sharing, log-on times and locations. Of course, there are still a number well-founded concerns that organizations have with regards to trusting a third-party vendor with all their critical data.
In order to ensure that we are compliant with the applicable regulations, we must know exactly what data we hold, where our data resides, who has access to the data, and when the data is being accessed. We should also be able to receive real-time alerts, generate detailed reports, and automate a response to suspicious changes made to this data.
What Are the Limitations of Native Office 365 Auditing?
Well, Office 365 certainly does a good job of monitoring events, but there are some important areas where it underperforms.
To start with, Office 365 generates a lot of noise. While it is possible to filter the logs to find the information we want, the search facility has limited filtering options. Additionally, Office 365 can only export a maximum of 10,000 logs, which may sound like a lot, but compared to most commercial auditing solutions, it is relatively low.
Unlike most professional User Behavior Analytics (UBA) solutions, Office 365 provides a limited number of audit reports, which means you will have to spend time customizing, formatting and exporting the reports manually. The Security and Compliance Center provides limited storage options, and the log data can only be archived for a maximum of 90 days.
A recent study found that US companies took an average of 206 days to detect a data breach, and so a limit of 90 days is not really sufficient. To ensure that you are able to satisfy the relevant compliance requirements, you will need to either upgrade to the Advanced Security Management (ASM) package or copy the log data into a spreadsheet for later use. Both options will require additional resources.
How Can LepideAuditor Improve on Office 365’s Auditing Capabilities?
LepideAuditor will help your organization to audit Office 365 changes by reducing the resources required to detect and respond to security incidents, respond to data access requests and satisfy the applicable regulatory requirements. LepideAuditor has a sophisticated reporting console, which can automatically generate over 300 pre-set reports which IT staff, administrators and managers can subscribe to.
As with most other Office 365 auditing solutions, it has an advanced search facility which makes investigating important events much easier and faster. LepideAuditor enables you to receive real-time alerts about any changes made to your critical assets, which can be delivered directly to your inbox, via the console, or to a mobile device with the Lepide app installed.
There are four main areas where LepideAuditor currently addresses Office 365 security, with more platforms being added all the time. LepideAuditor allows you to audit, monitor and alert on changes to permissions, configurations, privileged users, groups and much more in SharePoint Online, Exchange Online, Azure AD and OneDrive for Business.
LepideAuditor allows you to keep archives of the log data for these platforms for a much longer period of time and enables you to effortlessly identify and export the relevant log data following a data breach, which can be presented to the supervisory authorities.
Finally, it is generally good practice to store the log data on a different system to that which generated them. This is to ensure that the logs cannot be modified by rogue administrators, looking to cover their tracks.