Office 365 and Azure Active Directory auditing
Change Auditor provides extensive, customizable auditing of critical activities and provides detail alerts about vital changes taking place in Microsoft Office 365 Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. Continually being in-the-know helps you to prove compliance, drive security, and improve uptime while proactively auditing changes to configurations and permissions.
To ensure Office 365 and Azure Active Directory compliance, you can generate intelligent, in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications. By correlating activity across the on-premises and cloud environment, you can easily search all events regardless of where they occurred
To audit Office 365 Exchange Online, SharePoint Online, OneDrive for Business and Azure Active Directory you must first create an auditing template that defines the service and for Exchange Online the type of events (mailbox and administration cmdlet) to audit and the Change Auditor agent to assign. This can only be configured through the Windows client. For more information, see the Office 365 and Azure Active Directory Auditing User Guide.
SQL auditing
To enable SQL Server auditing, you must add a SQL Auditing template to an agent configuration, which can then be assigned to the appropriate agents. Change Auditor ships with a pre-defined SQL Auditing template that can be used to audit key events on the default SQL server instance or you can create a new SQL auditing template to specify the SQL instances and SQL Server operations to be audited.
The SQL Auditing page is displayed when SQL is selected from the Auditing task list in the navigation pane of the Administration Tasks page, and contains an expandable view of all the SQL Auditing templates that have been defined. From this page you can launch the SQL Auditing wizard to specify the SQL instances and the operations to be audited. You can also edit existing templates, copy templates, disable/enable templates, or remove templates that are no longer being used.
3 |
Select SQL (under the Applications heading in the Auditing task list) to open the SQL Auditing page. |
4 |
Click Add to open the SQL Auditing wizard which steps you through the process of creating a SQL Auditing template. |
SharePoint auditing
To enable SharePoint auditing, you must deploy the Change Auditor SharePoint component to the SharePoint farms to be audited by Change Auditor, then create a SharePoint Auditing template for each SharePoint farm to be audited. The SharePoint Auditing template also defines the paths within the farm that are to be audited and specifies the agent to be used to capture the SharePoint events for the selected SharePoint farm.
The SharePoint Auditing page is displayed when SharePoint is selected from the Auditing task list in the navigation pane of the Administration Tasks page, and contains an expandable view of all the SharePoint Auditing templates that have been defined. From this page you can launch the SharePoint Auditing wizard to specify the SharePoint farm and paths to be audited. You can also edit existing templates and remove templates that are no longer being used.
3 |
Select SharePoint (under the Applications heading in the Auditing task list) to open the SharePoint Auditing page. |
4 |
Use Add to launch the SharePoint Auditing wizard which steps you through the process of creating a SharePoint Auditing template. |
Server
The tasks under this heading are used to create auditing templates that, once assigned to agent configurations, enable custom server-level auditing. After creating a template, see Agent Configuration page for information on enabling these templates.
See the following administration task descriptions for more information: