Chat now with support
Chat with Support

On Demand Audit Current - User Guide

Introducing On Demand Audit Configuring On Demand Audit Change Auditor Integration Working with On Demand Audit Appendix A: Working with Filters Documentation Roadmap

Group Policy built in searches

On Demand Audit provides the following Group Policy built-in searches:

  • Group Policy all events in the past 7 days
  • Group Policy all restricted group changes in the past 30 days
  • Group Policy all security changes in the past 30 days

Logon Activity built in searches

On Demand Audit provides the following logon activity built-in searches:

  • Logon Activity all authentication activity in the past 7 days
  • Logon Activity all excessive Kerberos ticket lifetime events in the past 30 days
  • Logon Activity all failed logon activity in the past 7 days
  • Logon Activity all interactive logon activity in the past 24 hours
  • Logon Activity all Kerberos authentication activity in the past 24 hours
  • Logon Activity all logon activity in the past 24 hours
  • Logon Activity all logon session activity in the past 24 hours
  • Logon Activity all NTLM version 1 logons in the past 7 days (Note: The associated event class is disabled by default in Change Auditor.)
  • Logon Activity all remote logon activity in the past 24 hours

Office 365 built in searches

On Demand Audit provides the following Office 365 built-in searches that are based on the most common and complex requests for information

  • Email forwarding enabled in the past 7 days
  • Office 365 activity from ad-hoc external recipients in the past 7 days
  • Office 365 events from EXT Users in the past 7 days
  • Office 365 events in the past 7 days
  • Office 365 Exchange Online administrative cmdlets executed in the past 7 days
  • Office 365 Exchange Online events in the past 7 days
  • Office 365 Exchange Online mailbox events in the past 7 days
  • Office 365 Exchange Online mailbox login activity in the past 24 hours
  • Office 365 Exchange Online mailbox non-owner activity in the past 7 days
  • Office 365 OneDrive for Business events in the past 7 days
  • Office 365 OneDrive for Business file activity events in the past 7 days
  • Office 365 OneDrive for Business folder activity events in the past 7 days
  • Office 365 SharePoint Online events in the past 7 days
  • Office 365 SharePoint Online file activity events in the past 7 days
  • Office 365 SharePoint Online folder activity events in the past 7
  • OneDrive for Business and SharePoint Online anonymous link events in the past 180 days

Teams built in searches

On Demand Audit provides the following Teams searches:

  • Teams app events in the past 7 days

  • Teams bot events in the past 7 days

  • Teams channel events in the past 7 days

  • Teams client configuration changes in the past 30 days

  • Teams connector events in the past 7 days

  • Teams events in the past 7 days

  • Teams guest access configuration changes in the past 30 days

  • Teams guest members added in the past 7 days

  • Teams member role changes in the past 7 days

  • Teams member changes in the past 7 days

  • Teams notification and feeds policy changes in the past 30 days

  • Teams organization setting changes in the past 30 days

  • Teams tab events in the past 7 days

  • Teams targeting policy changes in the past 30 days

  • Teams team created events in the past 30 days

  • Teams team deleted events in the past 30 days

  • Teams team setting changes in the past 7 days

  • Teams user sign-in events in the past 7 days

Related Documents