Chat now with support
Chat with Support

On Demand Audit Current - User Guide

Introducing On Demand Audit Configuring On Demand Audit Change Auditor Integration Working with On Demand Audit Appendix A: Working with Filters Documentation Roadmap

Best Practices built in searches

On Demand Audit provides the following Best Practices built-in search:

  • Sharing operations on important file types within past 7 days
  • Teams guest access enabled or disabled in the past 30 days

Group Policy built in searches

On Demand Audit provides the following Group Policy built-in searches:

  • Group Policy all events in the past 7 days
  • Group Policy all restricted group changes in the past 30 days
  • Group Policy all security changes in the past 30 days

Logon Activity built in searches

On Demand Audit provides the following logon activity built-in searches:

  • Logon Activity all authentication activity in the past 7 days
  • Logon Activity all excessive Kerberos ticket lifetime events in the past 30 days
  • Logon Activity all failed logon activity in the past 7 days
  • Logon Activity all interactive logon activity in the past 24 hours
  • Logon Activity all Kerberos authentication activity in the past 24 hours
  • Logon Activity all logon activity in the past 24 hours
  • Logon Activity all logon session activity in the past 24 hours
  • Logon Activity all NTLM version 1 logons in the past 7 days (Note: The associated event class is disabled by default in Change Auditor.)
  • Logon Activity all remote logon activity in the past 24 hours

Office 365 built in searches

On Demand Audit provides the following Office 365 built-in searches that are based on the most common and complex requests for information

  • Email forwarding enabled in the past 7 days
  • Office 365 activity from ad-hoc external recipients in the past 7 days
  • Office 365 events from EXT Users in the past 7 days
  • Office 365 events in the past 7 days
  • Office 365 Exchange Online administrative cmdlets executed in the past 7 days
  • Office 365 Exchange Online events in the past 7 days
  • Office 365 Exchange Online mailbox events in the past 7 days
  • Office 365 Exchange Online mailbox login activity in the past 24 hours
  • Office 365 Exchange Online mailbox non-owner activity in the past 7 days
  • Office 365 OneDrive for Business events in the past 7 days
  • Office 365 OneDrive for Business file activity events in the past 7 days
  • Office 365 OneDrive for Business folder activity events in the past 7 days
  • Office 365 SharePoint Online events in the past 7 days
  • Office 365 SharePoint Online file activity events in the past 7 days
  • Office 365 SharePoint Online folder activity events in the past 7
  • OneDrive for Business and SharePoint Online anonymous link events in the past 180 days
Related Documents