Chat now with support
Chat with Support

On Demand Audit Current - Release Notes

Release Notes

Quest® Quest On Demand Audit

Release Notes

June, 7 2022

These release notes provide information about Quest On Demand Audit deployments.

On Demand Audit provides extensive auditing of critical activities and detailed reports about vital changes taking place in Microsoft Office 365 Exchange Online, SharePoint Online, and OneDrive for Business. Continually being in-the-know helps you to prove compliance, drive security, and improve up time while proactively auditing changes to configurations and permissions.

Integrating with Change Auditor, provides a single view of activity across hybrid Microsoft environments and turns on-premise events into rich visualizations to investigate incidents faster. Events sent to On Demand Audit include historical events gathered up to 30 days prior to upgrade to Change Auditor 7.0.0 (or higher).

On Demand Audit audits:

  • When Exchange Online mailboxes are created, deleted, and accessed.
  • Permission changes to see which users are granted access to a mailbox.
  • Mailbox activity by non-owner such as messages sent, read, deleted, and folders deleted
  • Mailbox activity by owner for sensitive and high value mailboxes.
  • When files and folders are accessed, created, deleted, uploaded, moved, renamed, and checked in and out of SharePoint Online and OneDrive for Business sites.
  • When user and group attributes are changed.
  • When users and groups are added to and removed from the directory.
  • Successful and failed logins. 
  • Suspicious sign-in activity.
  • Teams user and administrator activity.

 

New features

New features in this deployment:

  • The Apply button on the Edit Layout flyout has been updated to Preview to reflect the actual function.

Release History

The following lists the new features and resolved issues by deployment.

Current Deployment

June, 7 2022
Enhancements
Enhancement ID
The Apply button on the Edit Layout flyout has been updated to Preview to reflect the actual function. 350662
May 12, 2022
Enhancements
Enhancement ID
Support for GCC tenants for organizations in the US region. 350974
Ability to select a donut chart for the search results visualization. 320192
Ability to select a bar chart for the search results visualization. 328121

Previous Deployments

March 15, 2022
Enhancements
Enhancement ID
Ability to audit adminCount attribute changed events. 328327

Ability to audit all SIDHistory attribute changes and all high severity SIDHistory attribute changes.

328325
Administrative privilege elevation detected activity added to the critical activity tile on the dashboard. 328328
Potential SIDHistory injection detected activity added to the critical activity tile on the dashboard.

328326

Domain level group policy linked changes added to the critical activity tile on the dashboard. 328320
Irregular domain controller registration detected (DCShadow) activity added to the critical activity tile on the dashboard. 328324
Ability to audit AD irregular domain controller registration events. 328323
Legend added to the donut chart that displays critical activity. 280484
Ability to audit Group Policy domain level linked change. 328322
AD user ServicePrincipalName attribute changes detected event added to the Critical Activity dashboard. 315396
Provisioning status check. 291656
Provisioning status check for a Change Auditor integration. 291657
February 1, 2022
Enhancements
Enhancement ID
AD User ServicePrincipalName attribute changes in the past 30 days built in search 315203
Ability to select a time series chart for the search results visualization. 318039
January 18, 2022
Enhancements
Enhancement ID
Ability to subscribe to Anomaly Activity and Audit Health alert plans directly from the Audit Health tile in the dashboard. 302112
Ability to easily preview and customize the columns that display in generated reports. 302838
Nov 23, 2021
Enhancements
Enhancement ID

Additional built in search under the Audit Health category:

  • Change Auditor Installation activity changes in the past 30 days search
281274

Ability to audit when an Audit Hybrid Suite for Office 365 subscription and Audit Hybrid Suite for Active Directory subscription is going to expire through the “Service subscription expiring” event which is logged when subscription expires in 30, 60 and 90 days.

282927
November 9, 2021
Enhancements
Enhancement ID
Built in Audit Health and Anomaly Activity alerts plans and associated built in alerts for all searches within the Audit Health and Anomaly Activity categories. 289369
October 12, 2021
Enhancements
Enhancement ID
Ability to audit Change Auditor connection interrupted and Change Auditor connection resumed events. 280847

Additional built in search under the Audit Health category: Change Auditor Installation upgrade events in the past 30 days.

Activities audited include:

  • Change Auditor upgrade required
  • Change Auditor upgrade available
281046

Anomaly detection to help identify unusual spikes in activity, that may indicate a threat to your organization. Including a visualization that details, baselines, anomalies, and total values for the following activity:

  • Unusual increase in AD account lockouts
  • Unusual increase in failed AD changes
  • Unusual increase in permission changes to AD objects
  • Unusual increase in tenant sign-in failures
  • Unusual increase in successful tenant sign-ins
  • Unusual increase in files shared from OneDrive and SharePoint
  • Unusual increase in Office 365 activity by guest users
  • Unusual increase in Office 365 activity by anonymous users
  • Unusual increase in Teams guest participants
261904
September 28, 2021
Enhancements
Enhancement ID

Additional built in search under the Audit Health category:

  • Service activity changes in the past 30 days
281276

Additional built in search under the Audit Health category: Subscription expiring events in the past 90 days

Additional search filters:

  • Subscription Name
  • Subscription Expiry Date
  • Subscription Type
282926
September 14, 2021
Enhancements
Enhancement ID

Additional built in search under the Audit Health category:

  • Change Auditor Installation setting changes in the past 30 days
  • Service auditing enabled or disabled events in the past 30 days
278731

Additional built in searches under the Anomaly Activity category: 

  • Unusual increase in tenant sign-in failure events in the past 30 days
  • Unusual increase in AD account lockout events in the past 30 days
  • Unusual increase in successful tenant sign-in events in the past 30 days
  • Unusual increase in failed AD change events in the past 30 days
  • Unusual increase in permission changes to AD object events in the past 30 days
  • Unusual increase in files shared from OneDrive and SharePoint events in the past 30 days
  • Unusual increase in Office 365 activity by guest user events in the past 30 days
  • Unusual increase in Office 365 activity by anonymous user events in the past 30
  • Unusual increase in Teams guest participant events in the past 30 days
  • All anomaly detected events in past 30 days
280820
September 7, 2021
Enhancements

Additional built in search under the Audit Health category:  Change Auditor Installation connectivity events in the past 30 days.

Additional search filters:

  • Latest Activity Time
  • Latest Event Time Detected
  • Correlated Activity
 
280845

Additional built in search under the Audit Health category: Service activity changes in the past 30 days.

Additional search filters:

  • Last Event Time Detected
  • Correlated Activity
281273

Incident response management

Quest Operations and Quest Support have procedures in place to monitor the health of the system and ensure any degradation of the service is promptly identified and resolved. On Demand relies on Azure and AWS infrastructure and as such, is subject to the possible disruption of these services.You can view the following status pages:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating