Tchater maintenant avec le support

Obtenir une aide instantanée
Terminer l’enregistrement

Se connecter

Demander les tarifs

Contacter le service des ventes

Change Auditor 7.4 - Office 365 and Azure Active Directory User Guide

Parcourir le contenu

Office 365 and Azure Active Directory Auditing Overview

Introduction System overview Client components and features Deployment requirements

System requirements License requirements Auditing and agent considerations Auditing in synchronized environments Upgrading Change Auditor

Configuring Office 365 and Azure Active Directory auditing

Managing Office 365 templates

Office 365 auditing page Create an Office 365 auditing template Edit an Office 365 auditing template Using an existing web application Disable a template Delete a template

Office 365 Auditing Wizard Managing Azure Active Directory templates

Azure Active Directory auditing page Create an Azure Active Directory auditing template Edit an Azure Active Directory auditing template Disable a template Delete a template

Azure Active Directory Auditing Wizard

Reports and Searches

Introduction to Office 365 and Azure Active Directory reporting Office 365 built-in reports Azure Active Directory built-in reports Custom searches

Creating custom Exchange Online searches Creating a custom SharePoint Online and OneDrive for Business search

Displaying additional SharePoint Online and OneDrive for Business information

Creating custom Azure Active Directory searches

Displaying additional Azure Active Directory information

Additional information for synchronized environments Working with generic Office 365 and Azure Active Directory events Additional Office 365 and Azure Active Directory event details Our brand, our vision. Together. Contacting Quest Technical support resources

Office 365 and Azure Active Directory Auditing Overview

•

•

System overview

•

Client components and features

•

Deployment requirements

Introduction

Change Auditor provides extensive, customizable auditing of critical activities and detailed alerts about vital changes taking place in Microsoft Office 365 Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. Continually being in-the-know helps you to prove compliance, drive security, and improve uptime while proactively auditing changes to configurations and permissions.

You can generate intelligent, in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications. By correlating accounts across the on-premises and cloud environment, you can easily search all events regardless of where they occurred.

Change Auditor’s consolidated audit platform, which is not available with system provided tools, enhances your ability to secure your directory and resources. Specifically, Change Auditor provides:

•

Detailed information giving you the Who, What, Where, and When for every event.

•

Single console and event format across all platforms.

•

Standardized search allowing you to search by any key field.

•

Consolidated view of on-premises and cloud activity.

•

Correlated on-premises and cloud identities for synchronized environments.

•

Ability to create alerts on any event for both on-premises and cloud activity.

•

Ability to store audit data indefinitely for compliance purposes.

•

System overview

To audit Office 365 and Azure Active Directory, Change Auditor agents require access to the tenant. A web application, which is an Azure Active Directory object, is used to grant this access to external programs, such as Change Auditor.

In addition, to configure and maintain Exchange Online mailbox auditing, Change Auditor agents must be granted access to the Exchange Online organization.

The following describes the integration points and process required for auditing:

1

Users configure an Office 365 or an Azure Active Directory auditing template and select an agent to receive events. The following credentials are required:

•

An account with the Global Administrator role. This account is used to create the web application and assign the required permissions for Change Auditor to perform auditing. After the web application is created, the credentials are no longer used. The agent retrieves the web application ID and key and securely stores them. The agent uses the ID and key to retrieve events from Office 365 and Azure Active Directory.

•

For Office 365 Exchange Online auditing, an account with the Exchange Administrator role is also required. This account is used to configure the mailbox auditing settings in the tenant that are defined in the template (such as enabling auditing of owner activity). The agent periodically uses these credentials to validate or update auditing settings, so they are securely stored in Change Auditor.

2

The agent connects to the tenant and creates the web application.

For Office 365 Exchange Online, the agent also connects to your Exchange Online organization and configures mailbox auditing.

3

The agent periodically gathers events.

For Office 365 Exchange Online, the agent also retrieves mailbox auditing settings to validate configuration.

4

The agent processes events and forwards them to the coordinator.

5

The coordinator forwards events to the Change Auditor database.

Client components and features

The following table lists the client components and features that require a valid Change Auditor for Exchange, Change Auditor for Active Directory, Change Auditor for SharePoint, and Change Auditor for Logon Activity license. You are not be prevented from using these features; however, associated events are not captured or enforced unless the proper license is applied.


	NOTE: To hide unlicensed Change Auditor features from the Administration Tasks tab (including unavailable audit events throughout the client), select Action \| Hide Unlicensed Components. This command is only available when the Administration Tasks tab is the active page.

Table 1. Client components and features

Administration Tasks Tab

Audit Task List:

•

Azure Active Directory

•

Event Details Pane

•

Mailbox (Exchange Online Mailbox)

•

Folder (Exchange Online Mailbox)

•

Cmdlet (Exchange Online Administration)

•

Operation (SharePoint Online and OneDrive for Business)

•

Object (Exchange Online Administration, SharePoint Online, and OneDrive for Business)

•

Office 365 Exchange Online Administration

•

Office 365 Exchange Online Mailbox

•

Office 365 SharePoint Online

•

Office 365 OneDrive for Business

•

Azure Active Directory — Application

•

Azure Active Directory — Administrative Units

•

Azure Active Directory — Device

•

Azure Active Directory — Directory

•

Azure Active Directory — Group

•

Azure Active Directory — Policy

•

Azure Active Directory — Risk Event

•

Azure Active Directory — Role

•

Azure Active Directory — Sign-in

•

Azure Active Directory — User

•

Azure Active Directory

Search Properties

•

Subsystem | Office 365

•

Subsystem | Azure Active Directory

Built-in Reports:

•

All reports that include the events in the Office 365 Exchange Online, Office 365 SharePoint Online, Office 365 OneDrive for Business, and Azure Active Directory facilities.

Alert Custom Email Dialog

Exchange Online only.

Add Owner(s) of Non-Owner Events option — to send an alert to the Exchange Mailbox owner when another user accesses their mailbox.

Outils libre-service: Base de connaissances; Notifications et alertes; Support produits; Téléchargements de logiciels; Documentation technique; Forums utilisateurs; Didacticiels vidéo; Flux RSS

Nous contacter: Obtenir une assistance en matière de licence; Support Technique; Afficher tout

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center