Office 365 Audit Log – WindowsTechs.com

Interpreting the Office 365 MailItemsAccessed Audit Event

Posted on April 28, 2020 by Tony Redmond

Browsing MailItemsAccessed audit records with Out-GridView
If you have Office 365 E5 licenses, your mailboxes generate MailItemsAccessed events. These events are stored in the Office 365 audit log and can be used for investigating potentially compromised mailboxes. Useful information is in the audit events, but some processing is needed to extract the full benefit. Here’s how to do it with PowerShell. Continue reading Interpreting the Office 365 MailItemsAccessed Audit Event→

Managing OneDrive for Business File Upload Requests

Posted on January 28, 2020 by Tony Redmond

Some not-so-desirable file types uploaded to OneDrive for Business

The new Request Files feature in OneDrive for Business is great for users but comes with no admin controls. You can block the feature completely with a kludge and use Office 365 audit records to know when people are requesting files. However, Microsoft could make the feature so much better by extending some existing controls to make requesting files work better and more securely.

The post Managing OneDrive for Business File Upload Requests appeared first on Petri.

Continue reading Managing OneDrive for Business File Upload Requests→

Identifying Obsolete Guest User Accounts in an Office 365 Tenant

Posted on December 23, 2019 by Tony Redmond

Many Office 365 applications now create Azure Active Directory guest accounts. What’s the best way to discover if the accounts are active and in use? This PowerShell script uses the Office 365 audit log and message trace data to figure out what guest accounts are active and outputs a CSV file for your review and analysis. Like any other PowerShell script, it can be adapted to suit your purposes.

The post Identifying Obsolete Guest User Accounts in an Office 365 Tenant appeared first on Petri.

Continue reading Identifying Obsolete Guest User Accounts in an Office 365 Tenant→

Discover Who Creates Guest Accounts in Office 365 Applications

Posted on October 17, 2019 by Tony Redmond

Office 365 applications now create many guest accounts in Azure Active Directory. You can see what accounts exist, but it’s more difficult to discover who created the accounts – or why they were created. Fortunately, the Office 365 audit log holds a lot of useful data that can be interrogated to find some answers and PowerShell is a great tool for slicing and dicing audit data. See what you think of the answers I’ve come up with.

The post Discover Who Creates Guest Accounts in Office 365 Applications appeared first on Petri.

Continue reading Discover Who Creates Guest Accounts in Office 365 Applications→

Microsoft Finally Makes Mailbox Auditing Happen for Exchange Online

Posted on July 18, 2018 by Tony Redmond

Office 365 Audit Search Mailbox

The news that Microsoft will make mailbox auditing the default in Exchange Online is very welcome, as is the new mechanism they plan to use. Microsoft won’t get the new feature rolled out across Office 365 until the end of 2018, so there’s still a gap to fill to make sure that audit records are gathered for mailbox activity.

The post Microsoft Finally Makes Mailbox Auditing Happen for Exchange Online appeared first on Petri.

Continue reading Microsoft Finally Makes Mailbox Auditing Happen for Exchange Online→

Office 365 Snippets — October 20, 2016

Posted on October 20, 2016 by Tony Redmond

Exchange Flat Tony

Some interesting announcements during the last week informed us about Yammer getting better at compliance and a new Office 365 connector. I’m not so hot on the bots, though. In other news, MyAnalytics has an unexplained love for Internet Explorer and the topic of password trimming and the Office 365 maximum password length caused some confusion – at least for one administrator! And some news about an interesting Exchange 20th anniversary video and a VDI collaboration project between VMware and Microsoft for Skype for Business rounds out the week.

The post Office 365 Snippets — October 20, 2016 appeared first on Petri.

Continue reading Office 365 Snippets — October 20, 2016→

Office 365 at Ignite — SharePoint, Exchange, Auditing, and More

Posted on September 29, 2016 by Tony Redmond

office 365 hero

There’s lots to hear and learn about with regard to Office 365 at the Microsoft Ignite conference in Atlanta this week. All of the product groups are putting their best face forward to impress and amaze customers with what has happened or what will happen inside the service. Here’s some of what I have been hearing.

The post Office 365 at Ignite — SharePoint, Exchange, Auditing, and More appeared first on Petri.

Continue reading Office 365 at Ignite — SharePoint, Exchange, Auditing, and More→

Why an Office 365 Connector Generates Multiple SendAs Audit Events

Posted on August 30, 2016 by Tony Redmond

Office 365 Connectors allow data drawn from multiple internet sources like Twitter to be imported into Office 365. This article explains why imported tweets result in multiple SendAs events logged in the Office 365 Audit log.

The post Why an Office 365 Connector Generates Multiple SendAs Audit Events appeared first on Petri.

Continue reading Why an Office 365 Connector Generates Multiple SendAs Audit Events→