With the release of Microsoft auditing for Office 365, Service Manager can now generate, search, export and action against audit events across your Office 365 tenant.
·Your Metalogix license must include the Service Manager module in order to work with your Office 365 Audit logs.
·Audit reporting is only available for objects located in Office 365. These reports are not available for any on-premises workload deployments (Active Directory, SharePoint, Exchange, etc.)
·You must either use a Global Administrator login (recommended) or if you do not have one, please talk to your Administrator and request permissions to access the Office 365 Audit reports.
·Specific actions (for example "Blocking" a user) may require additional permissions within your tenant.
·Auditing must be available and recording within your Office 365 tenant. If you are unsure, please login to your Office 365 Compliance Center, then Reports, and finally Office 365 Reports. Once the audit log page appears, if you see the message "Start recording user and admin activities" click on it to begin. If you do not see this message, then it is already recording.
·As of March 2016, Microsoft only stores 90 days worth of audit logs so any search performed through our software will only go back that far.
·As of March 2016, Microsoft only returns up to 5000 events per search. If more than 5000 events exist, the report will display the first 5000 starting with the most recent event.
·Our search retrieves information from the native Microsoft audit logs so there is no way for the software to update, edit, remove or verify the actual events themselves.