Chatta subito con l'assistenza
Chat con il supporto

Change Auditor 7.1.1 - Office 365 and Azure Active Directory User Guide

Azure Active Directory Auditing Wizard

To audit Azure Active Directory you must create an auditing template and select an agent.

The following table provides details on how to create a template and the required web application so you can beginto audit the Azure Active Directory activity and how to edit the audited activities in an existing template.

* 
NOTE: You can only create one Azure Active Directory template per tenant.
Table 5. Azure Auditing Template Wizard
Page
Description

Credentials, audit activity, and agent selection page

During template creation, use this page to provide the credentials for the accounts that register Change Auditor in the tenant, the activities to audit, and specify the agent.

 

NOTE: A Change Auditor for Active Directory license is required to monitor the audit logs. A Change Auditor for Logon Activity User license is required to monitor sign-in and sign-in risk event activity.
NOTE: To select a new agent, you must create a new template or use the Set-CAAzureADTemplate command through PowerShell. (See the Change Auditor PowerShell Command Guide for details.)
To create a template:
1
To create an Azure web application:
Enter the credentials of an Azure Active Directory account in UPN format (for example, <UserName>@<OrganizationName>.<onmicrosoft.com>) with the Global Administrator role. This account is used to create the web application and register Change Auditor in the tenant.
To use an existing Azure web application:
Enter the Azure directory, application ID, and application key.
If you are using an existing web application, consult the Microsoft documentation for details on integrating applications with Azure Active Directory and creating a web application. Note: In the Azure Classic Portal, you are required to provide the following URLs: Sign-On URL, App ID URL. Specify any URL address that is unique to your tenant for each of them.
Ensure the following permissions are assigned to the Azure web application:
Microsoft Graph application permissions:
AuditLog.Read.All – Application - Read all audit log data
Directory.Read.All – Application - Read directory data
IdentityRiskEvent.Read.All – Application - Read all identity risk information
Office 365 Management APIs application permissions:
ActivityFeed.Read – Application - Read activity data for your organization
2
Select the activity to audit:
Audit Logs: Audits Azure Active Directory user, group, application, and directory activity.
Sign-ins: Audits Azure Active Directory user sign-in and sign-in risk event activity.
3
Click Select agent to view available agents and whether they are assigned to an Azure Active Directory auditing template.
You cannot use an agent that is already assigned for auditing.
The Azure Active Directory cell contains ‘None’ if an agent is not assigned to a template, or ‘Auditing’ if it is assigned to a template. See the Change Auditor Release Notes for ports that need to be opened on the agent server.
4
Click Finish to create the template. After the template is created, Change Auditor starts collecting events that are available on your tenant.

 
To edit a template:
1
To create an Azure web application:
Enter the credentials of an Azure Active Directory account in UPN format (for example, <UserName>@<OrganizationName>.<onmicrosoft.com>) with the Global Administrator role. This account is used to create the web application and register Change Auditor in the tenant.
To use an existing Azure web application:
Enter the Azure directory, application ID, and application key.
If you are using an existing web application, consult the Microsoft documentation for details on integrating applications with Azure Active Directory and creating a web application. Note: In the Azure Classic Portal, you are required to provide the following URLs: Sign-On URL, App ID URL. Specify any URL address that is unique to your tenant for each of them.
Ensure the following permissions are assigned to the Azure web application:
Microsoft Graph application permissions:
AuditLog.Read.All – Application - Read all audit log data
Directory.Read.All – Application - Read directory data
IdentityRiskEvent.Read.All – Application - Read all identity risk information
Office 365 Management APIs application permissions:
ActivityFeed.Read – Application - Read activity data for your organization
2
Add and remove the activity to audit as required.
Audit Logs audits Azure Active Directory user, group, application, and directory activity.
Sign-ins: Audits Azure Active Directory user sign-in and sign-in risk event activity.
3
Click Finish to apply the updates.

Reports and Searches
Introduction to Office 365 and Azure Active Directory reporting
Office 365 built-in reports
Custom searches
Additional information for synchronized environments
Working with generic Office 365 and Azure Active Directory events
Additional Office 365 and Azure Active Directory event details

Introduction to Office 365 and Azure Active Directory reporting

Change Auditor delivers both preconfigured and customizable reports displaying events in one centralized viewer. You can create custom search definitions to locate changes made in Office 365 and Azure Active Directory. Using the available search properties across the bottom of the Searches page, you can define the search criteria and include specific columns to access more tenant details.

When Change Auditor is deployed in a synchronized environment, you can add extra columns to display extra mapping information about synchronized Active Directory users and their cloud identities for Office 365 and Azure Active Directory events. For details, see Auditing in synchronized environments.

Office 365 built-in reports

Office 365 built-in reports

To see a complete list of built-in reports, see the Change Auditor Built-in Reports Reference Guide.

To view all Office 365 searches:
1
Start the client and open the Searches tab.
2
In the explorer view (left pane), expand the Shared | Built-in | Office 365 folder.
3
Locate and double-click the required search in the right pane.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione