Chat now with support
Chat with Support

Welcome, erwin customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

On Demand Audit Current - User Guide

Introducing On Demand Audit Configuring On Demand Audit Change Auditor Integration Working with On Demand Audit Appendix A: Working with Filters Documentation Roadmap

Office 365 built in searches

On Demand Audit provides the following Office 365 built-in searches that are based on the most common and complex requests for information

  • Email forwarding enabled in the past 7 days
  • Office 365 activity from ad-hoc external recipients in the past 7 days
  • Office 365 events from EXT Users in the past 7 days
  • Office 365 events in the past 7 days
  • Office 365 Exchange Online administrative cmdlets executed in the past 7 days
  • Office 365 Exchange Online events in the past 7 days
  • Office 365 Exchange Online mailbox events in the past 7 days
  • Office 365 Exchange Online mailbox login activity in the past 24 hours
  • Office 365 Exchange Online mailbox non-owner activity in the past 7 days
  • Office 365 OneDrive for Business events in the past 7 days
  • Office 365 OneDrive for Business file activity events in the past 7 days
  • Office 365 OneDrive for Business folder activity events in the past 7 days
  • Office 365 SharePoint Online events in the past 7 days
  • Office 365 SharePoint Online file activity events in the past 7 days
  • Office 365 SharePoint Online folder activity events in the past 7
  • OneDrive for Business and SharePoint Online anonymous link events in the past 180 days

Teams built in searches

On Demand Audit provides the following Teams searches:

  • Teams app events in the past 7 days

  • Teams bot events in the past 7 days

  • Teams channel events in the past 7 days

  • Teams client configuration changes in the past 30 days

  • Teams connector events in the past 7 days

  • Teams events in the past 7 days

  • Teams guest access configuration changes in the past 30 days

  • Teams guest members added in the past 7 days

  • Teams member role changes in the past 7 days

  • Teams member changes in the past 7 days

  • Teams notification and feeds policy changes in the past 30 days

  • Teams organization setting changes in the past 30 days

  • Teams tab events in the past 7 days

  • Teams targeting policy changes in the past 30 days

  • Teams team created events in the past 30 days

  • Teams team deleted events in the past 30 days

  • Teams team setting changes in the past 7 days

  • Teams user sign-in events in the past 7 days

On Demand Audit built in searches

On Demand Audit provides the following On Demand Audit built in search:

  • All On Demand Audit configuration changes in the past 30 days
  • All On Demand Audit events in the past 30 days
  • On Demand Audit alert plan management events in the past 30 days
  • On Demand Audit alert ran events in the past 30 days
  • On Demand Audit alert rule management events in the past 30 days
  • On Demand Audit all shared search and shared category management events in the past 30 days

Creating a custom search

Custom searches allow you to locate and report on the data that is of interest to you. The associated search preview updates as you construct a search to ensure you are getting the desired results. For options, see Customizing the columns displayed in a search.

NOTE:

  • Private search names must be unique among all categories for each user.

  • Shared search name must be unique among all shared searches in all categories in the organization

To create a search

  1. Under the Searches tab, click New Search.
  2. Enter a name for the search.
  3. Click Add to enter the required search criteria.
  4. Select as many filters as required. Search terms are highlighted in the preview (and search results and event details) to allows you to quickly scan for matches.
  5. Click Edit Columns to arrange, add, and remove the columns displayed in the search. See Customizing the columns displayed in a search.
  6. Click Save.By default, the new search will be created in the category you have selected when clicking New Search. If required select a different category.
  7. Select whether this is a private or shared search. Working with private and shared searches.
  8. Click Save.
  9. If required, click Alert, select the required alert plan (or create a new alert plan) to notify the required individuals , click Save. See Working with alerts and alert plans

Available filters

The available string operators include:

  • equals
  • does not equal
  • contains
  • does not contain
  • in
  • not in
  • starts with
  • does not start with
  • ends with
  • does not end

The available integer operators for sign-in events:

  • equals_number
  • does_not_equal_number
  • greater_than
  • greater_than_or_equals
  • less_than
  • less_than_or_equals
  • between_number

The available date and time operators include:

  • during last number of days or hours (By default, this is set to the last 7 days for all new searches.)
  • between
  • before
  • after
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating