Chat now with support
Chat with Support

Change Auditor 7.3 - Office 365 and Azure Active Directory User Guide

Office 365 and Azure Active Directory Auditing Overview Configuring Office 365 and Azure Active Directory auditing Reports and Searches

Auditing in synchronized environments

Microsoft allows you to map identities between on-premises applications and cloud services. This is done by synchronizing your on-premises directories with Azure Active Directory using a Microsoft synchronization tool. When auditing Office 365 or Azure Active Directory in this synchronized environment, Change Auditor provides extra event details by mapping identities.

The following conditions must be met for Change Auditor to perform the mapping:

When Federation with AD FS is used as the single sign-on method, Azure logon events will no longer be generated since the authentication is done by the on-premises AD FS instance.

Upgrading Change Auditor

As of Change Auditor 7.2.0, Azure and Office 365 auditing templates will require MSAL (Microsoft Authentication Library) for authentication. New templates will no longer support basic authentication. Also, certificate authentication will now be required for web applications associated with Office 365 auditing templates. See Managing Office 365 templates for details.

When you upgrade from Change Auditor version 7.0.3 or earlier:

NOTE: Alternately, you can update the existing web application associated with the template by adding the required permissions directly on the web application in the Azure portal. See Edit an Azure Active Directory auditing template and Edit an Office 365 auditing template for the list of required permissions. Once the permissions have been updated, restart the agent service for the new permissions to be applied immediately and auditing will continue.

When you upgrade from Change Auditor version 6.9.0 or earlier:

 

Configuring Office 365 and Azure Active Directory auditing

Configuring Office 365 and Azure Active Directory auditing

 

 

 

Managing Office 365 templates

Change Auditor audits activity for Exchange Online, SharePoint Online, and OneDrive for Business that corresponds to the events in the Office 365 Security & Compliance Center unified audit log. Change Auditor allows you to easily track, report, and create alerts on activities such as:

NOTE:  

For a compete list of events, their description, and default severity see the Change Auditor Office 365 and Azure Active Directory Event Reference Guide.

See also:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating