Chat now with support
Chat with Support

Change Auditor 7.3 - Office 365 and Azure Active Directory User Guide

Office 365 and Azure Active Directory Auditing Overview Configuring Office 365 and Azure Active Directory auditing Reports and Searches

Azure Active Directory auditing page

The Azure Active Directory auditing page contains a list of auditing templates that define the directory to audit.

The following information is displayed for each template:

Create an Azure Active Directory auditing template

The following section describes how to create a template and the required web application so you can begin to audit the Azure Active Directory activity. After the template is created, Change Auditor starts collecting events that are available on your tenant.

2
Click Auditing.
3
Select Azure Active Directory (under Directories).
4
Click Add to open the auditing wizard.
6
Under Authentication Configuration, select to Create a new web application or Use existing web application.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.

Ensure the following permissions are assigned to the Azure web application:

Microsoft Graph application permissions:

Office 365 Management APIs application permissions:

Once the required permissions are applied, click Grant admin consent for… and confirm with Yes.

Audit Logs: Audits Azure Active Directory user, group, application, and directory activity. A Change Auditor for Active Directory license is required.
Sign-ins: Audits Azure Active Directory user sign-in and sign-in risk event activity. A Change Auditor for Logon Activity User license is required.
8
Click Select agent to view available agents and whether they are assigned to an auditing template. The Azure Active Directory cell contains ‘None’ if an agent is not assigned to a template, or ‘Auditing’ if it is assigned to a template. From this list, select the agent to capture the events and click OK.
9
Click Finish to create the template.

Edit an Azure Active Directory auditing template

This section describes how to add or remove Azure Active Directory activity to audit.

To select a new agent, you must create a new template or use the Set-CAAzureADTemplate command through PowerShell. (See the Change Auditor PowerShell Command Guide for details.)

2
Click Auditing button.
3
Select Azure Active Directory (under Directories).
4
Select the template and click Edit to open the auditing wizard.
5
Under Authentication Configuration, select to Create a new web application or Use existing web application.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.

Ensure the following permissions are assigned to the Azure web application:

Microsoft Graph application permissions:

Office 365 Management APIs application permissions:

Once the required permissions are applied, click Grant admin consent for… and confirm with Yes.

Audit Logs audits Azure Active Directory user, group, application, and directory activity. A Change Auditor for Active Directory license is required.
Sign-ins: Audits Azure Active Directory user sign-in and sign-in risk event activity. A Change Auditor for Logon Activity User license is required.
8
Click Finish to apply the updates.

Disable a template

Disabling a template temporarily stops auditing activities without having to remove the template.

Place your cursor in the Status cell for the auditing template to disable, click the arrow control, and select Disabled.
The entry in the Status column for the template changes to ‘Disabled’.
2
To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating