• Torne-se um profissional do portal
• Download
• Imprimir
• Meus downloads ()

• Suporte
• Documentação técnica
• Change Auditor 7.2
• Change Auditor 7.2 - Office 365 and Azure Active Directory User Guide

Change Auditor 7.2 - Office 365 and Azure Active Directory User Guide

Navegação de conteúdo  

Office 365 and Azure Active Directory Auditing Overview

Introduction System overview Client components and features Deployment requirements

System requirements License requirements Auditing and agent considerations Auditing in synchronized environments Upgrading Change Auditor

Configuring Office 365 and Azure Active Directory auditing

Managing Office 365 templates

Office 365 auditing page Create an Office 365 auditing template Edit an Office 365 auditing template Using an existing web application Disable a template Delete a template

Office 365 Auditing Wizard Managing Azure Active Directory templates

Azure Active Directory auditing page Create an Azure Active Directory auditing template Edit an Azure Active Directory auditing template Disable a template Delete a template

Considerations

Azure Active Directory Auditing Wizard

Reports and Searches

Introduction to Office 365 and Azure Active Directory reporting Office 365 built-in reports Azure Active Directory built-in reports Custom searches

Creating custom Exchange Online searches Creating a custom SharePoint Online and OneDrive for Business search

Displaying additional SharePoint Online and OneDrive for Business information

Creating custom Azure Active Directory searches

Displaying additional Azure Active Directory information

Additional information for synchronized environments Working with generic Office 365 and Azure Active Directory events Additional Office 365 and Azure Active Directory event details

• Viewing Topics 17 - 20 of 40

×

Disable a template

Disabling a template temporarily stops auditing activities without having to remove the template.

NOTE: Change Auditor stops collecting events if a license expired, the template is disabled, or the agent stops. After you apply a valid license, enable the template, or restart the agent Change Auditor collects available events from the tenant that were missed.

To disable an auditing template

1	On the Office 365 Auditing page, use one of the following methods to disable an auditing template:

•	Place your cursor in the Status cell for the auditing template to disable, click the arrow control, and select Disabled.

•	Right-click the template to disable and select Disable

The entry in the Status column for the template changes to ‘Disabled’.

2	To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu.

Delete a template

NOTE: When you delete a template, the web application created in Azure Active Directory remains. You can delete the web application using the Azure management portal.

To delete a template

1	On the Office 365 Auditing page, select the template to delete and choose Delete | Delete Template.

2	Click Yes to confirm.

Office 365 Auditing Wizard

To audit Office 365 Exchange Online, SharePoint Online, and OneDrive for Business you must first create an auditing template and select an agent. For Exchange Online, you need to also define the type of events to audit.

For details on the integration points and process required to audit an organization, as well as auditing and agent considerations, see Deployment requirements.

NOTE:   • Office 365 Exchange, SharePoint and OneDrive auditing templates created in the Windows client defaults to 7 days (168 hours) of historical event collection. Historical event collection includes only mailbox auditing types previously enabled. • Due to enhanced security measures, basic authentication is no longer supported for Office 365 auditing; certificate authentication is now required. If you choose to create the required web application when you create the template, you can select to generate a self-signed certificate (default) or use a valid certificate from your personal certificate store. This will result in a properly configured web application. If you choose to use an existing web application when you create a template, you will need to specify the application ID, application key, and a valid certificate. For required configuration, see Using an existing web application.

The following table provides details on how to create a template and the required web application so you can begin to audit the Office 365 activity. Also included are the details on how to edit an existing template.

NOTE: Office 365 Exchange, SharePoint and OneDrive auditing templates created in the Windows client defaults to 7 days (168 hours) of historical event collection. Historical event collection includes only mailbox auditing types previously enabled.

 

Table 4. Office 365 Exchange Online Auditing wizard

Page	Description
Service and agent selection page During template creation, use this page to provide the credentials for the accounts that register Change Auditor in the tenant, select the Office 365 service to audit, and specify the agent.   During editing, use this page to: • Add or remove an Office 365 service to audit. • Update the certificate applied to the web application. NOTE: To select a new agent, you must create a new template or use the Set-CAO365ExchangeTemplate command through PowerShell. (See the Change Auditor PowerShell Command Guide for details.)	If you select to create a new Azure web application: To create a template: 1 Under Authentication Configuration, select to Create a new web application or Use existing web application. If you select to create a new Azure web application: a Enter the Azure Active Directory Name. b Select Generate self-signed certificate or Select certificate to choose a previously created certificate from your personal store. By default, invalid certificates are filtered out from the list of available certificates. If you select to use an existing Azure web application: Enter the Azure directory, application ID, and application key, and select a previously created certificate. For required settings and permissions, see Using an existing web application and Microsoft documentation for details on integrating applications with Azure Active Directory, creating a web application, and adding a certificate to a web application.
	2 Select the Office 365 services to audit. 3 Click Select agent to view available agents and whether they are assigned to a template. You cannot use an agent that is already assigned for Office 365 auditing. The Office 365 cell contains ‘None’ if an agent is not assigned to a template, or ‘Auditing’ if it is assigned to a template. See the Change Auditor Release Notes for ports that need to be opened on the agent server. 4 If you have selected to audit only SharePoint Online and/or OneDrive for Business activities, click Finish. If you have selected to audit Exchange Online, you need to select the activities to audit within the Exchange Online organization. 5 You will need to login to register Change Auditor in the tenant and ensure the required consent has been granted. Note: Internet access is required. The Azure Active Directory sign-in page opens automatically once you have selected all your template settings and clicked Finish. To grant permission for all administrators to create a web application: a Select an account with the Global Administrator role. b Enter the required password, and select Sign in. c Review the required permissions for the Change Auditor Configuration Assistant on the Azure consent page. (Consent is only required once per tenant. You may, however, be prompted to enter your log on credentials when creating a new web application.) d To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept. e To apply the consent for just the current signed-in user simply click Accept.
	To edit a template: 1 Under Authentication Configuration, select to Create a new web application or Use existing web application. If you select to create a new Azure web application: a Enter the Azure Active Directory Name. b Select Generate self-signed certificate or Select certificate to choose a previously created certificate from your personal store. By default, invalid certificates are filtered out from the list of available certificates. If you select to use an existing Azure web application: Enter the Azure directory, application ID, and application key, and an existing certificate. For required settings and permissions, see Using an existing web application and Microsoft documentation for details on integrating applications with Azure Active Directory, creating a web application, and adding a certificate to a web application. 2 Add and remove the services to audit as required. Choose between Exchange Online, SharePoint Online, and OneDrive for Business. When you remove a service, the agent will no longer audit its activity. If you later enable auditing, you will not be able access events generated when auditing was disabled.
Auditing activity selection page Define or edit the types of activity to audit. For a new template, before you can select to audit individual mailboxes or update the configuration to audit owner events, you need to select Finish to create the template. NOTE: When Change Auditor creates a template with default settings, it turns on mailbox non-owner activity auditing settings for every mailbox in your tenant. When you disable this option: • Mailbox non-owner activity auditing settings for every mailbox in your tenant will be disabled as well. • Only the mailboxes specifically added to the template through your selection will be audited. This may affect other systems that rely on having auditing enabled. NOTE: When you add/remove individual mailboxes for auditing or select to enable/disable owner auditing, the changes are saved immediately. They are effective after the agent configuration is updated. NOTE: If you change the mailbox display name, e-mail address, or UPN for a mailbox that is in a template, the auditing of the mailbox continues; however, the old mailbox settings display in the Change Auditor template. To see the new values, remove the mailbox and add it again. IMPORTANT: It is recommended that you select owner auditing for critical mailboxes only. Owner auditing for a large number of mailboxes produces many events that may affect performance.	You can choose from the following: Administrative Activity • All administrative events: This includes remote PowerShell connections to the mailbox, or any action in the web administration portal for the Office 365 Exchange Online organization. Mailbox Activity For mailbox activity, you have the option to set mailbox auditing settings or use the settings that have been configured in the Exchange Online tenant. Set tenant mailbox auditing settings • Select All mailboxes for non-owner events By default, only activities performed by users other than the mailbox owner (non-owner activity) are audited. You can however, disable this option and audit only specific mailboxes. -OR- • Click Select mailboxes. To add a mailbox: a Enter the first letter or letters of the display name (not the mailbox name) in the top search field and click Search. b Select the appropriate entry from the mailbox results and click Add. To remove a mailbox: a Enter the first letter or letters of the display name (not the mailbox name) into the bottom search field and click Search. b Select the appropriate entry from the lower mailbox window and click Remove. You can refine your mailbox search by selecting Non-Owner Only, Owner, or All. (Owner includes mailboxes enabled for both owner and non-owner activity.)
	• To optionally add owner auditing on specific mailboxes, enable the Include Owner Activity option. The "Owner Activity" audited on a configured mailbox include folder, message and login events. a To add or remove owner auditing on specific mailboxes enter the first letter or letters of the display name (not the mailbox name) into the bottom search field and click Search. Locate the required mailbox to enable or disable to Include Owner Activity as required.You can refine your mailbox search by selecting Non-Owner Only, Owner, or All. Use existing tenant mailbox settings When this is enabled, the template settings will have no effect on the mailbox auditing settings. The settings in the tenant will be used. 3 Click Close. 4 Click Next to optionally specify the generic events to exclude from auditing based on their operations. The operations are visible in the "Activity Name/Operation" column of the Office 365 built-in searches. Generic events are dynamically created when associated activity is detected that does not have a corresponding event defined in Change Auditor. 5 Click Finish to apply the updates. When the agent’s configuration is updated, it may take some time (approximately 1 second per mailbox) for it to be applied and the auditing to start after a template is created or modified. 6 You will need to login to register Change Auditor in the tenant and ensure the required consent has been granted. Note: Internet access is required. The Azure Active Directory sign-in page opens automatically once you have selected all your template settings and clicked Finish. To grant permission for all administrators to create a web application: a Select an account with the Global Administrator role. b Enter the required password, and select Sign in. c Review the required permissions for the Change Auditor Configuration Assistant on the Azure consent page. (Consent is only required once per tenant. You may, however, be prompted to enter your log on credentials when creating a new web application.) d To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept. e To apply the consent for just the current signed-in user simply click Accept.

Managing Azure Active Directory templates

Managing Azure Active Directory templates

Change Auditor for Active Directory simplifies the audit process by tracking, auditing, reporting, and alerting on activity in Microsoft Azure Active Directory that impact your environment. Change Auditor correlates activity across the on-premises and cloud directories, providing you a single pane-of-glass view of your hybrid Active Directory environment and making it easy to search all events regardless of where they occurred.

You can generate intelligent and in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications.

Change Auditor audits activity that corresponds to the events in the Azure Active Directory audit logs, sign-in activity report, and risky sign-ins report.

For a list of events, their description, and default severity see the Change Auditor Office 365 and Azure Active Directory Event Reference Guide.

•  Voltar
• Viewing Topics 17 - 20 of 40
• Avançar 

Procurar este documento Procurar todos os documentos para esta versão do produto Procurar todos os documentos para este produto Procurar todos os documentos

×

 Bem-vindo ao Suporte

Você pode encontrar ajuda de suporte on-line para *produto* da Quest em um local de suporte afiliado. Clique em Continue (Continuar) para ser direcionado ao conteúdo de suporte correto e à assistência a *produto*.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center