Checks and balances with Audit and Compliance
Have you moved your IT infrastructure to the cloud? Do you have users with mailboxes, SharePoint, OneDrive, Teams and more deployed on Office 365? You might be feeling that many of those rigorous checks and balances that you performed as part of your on-premises audit and compliance processes might no longer be available? And of course, there are more features and services available in the cloud than were available on premises. This in itself brings new challenges.
Microsoft has provided for you, in Office 365, a robust auditing capability. And while you can use the various Microsoft portals to carry out different types of query against this audit data, there are limitations and complexities.
We bring all the data together into one central place, making it more useful and more accessible than ever before.
That place is our Audi and Compliance module. It has many powerful capabilities, as described previously. It brings to the table many benefits, some of which I’ll describe below:
Long term storage
Microsoft allows you to search back 90 days for audit events. This is really not long enough and that’s why we decided that by default we will store the data we receive from Microsoft for 1 year. You’ll also be able to extend that to whatever length of time you need to in the near future.
Searching is easier
We try to take the pain out of searching the audit events. We provide a powerful search capability allowing you to find relevant events for your enquiry or investigation. You can even use our robust free text search to search for file names, folder names or operations performed on or by particular users.
Focus, focus, focus
Our search is lightning fast. You’ll quickly find that once you get results you can narrow your focus by using the advanced search inside our data grid to quickly get to what you need.
Even then there might still be some ‘noise’ events that you’re not really interested in. That’s no problem, you can mark the events that are interesting and add comments.
We recognised early on that just getting a table of results wasn’t enough for most people. That’s why we show the data in many relevant ways including a map view for those events which have geo-location information, a data table with additional filtering capabilities, a timeline and a graph showing quantity of events over time, relating to your search.
We decided it wasn’t good enough just to be able to search this audit data, you have to be able to turn it, quickly and easily into something presentable to a non-IT audience. We introduced an Audit Report where details of your search, comments, and interesting events (that you flagged) are shown.
This is just the beginning
We’re currently working on creating several one-click reports. For example, you’ll be able to see external activities against your Office 365 tenant. These are things like Microsoft moving mailboxes, or other background Office 365 type activities. It also includes people who have delegated administration access to your tenant. We’ll be adding this report and many more useful one-click reports in the near future.
In our road map are machine learning and anomaly detection. These will help you to discover the most relevant information more quickly. We’re currently trying this out and seeing amazing results. For example we can see for a particular user that they normally generate a handful of Exchange logon events per day, but a couple of times over the last 30 days they’ve generated dozens. This sort of interesting data requires further investigation, but without machine learning and anomaly detection would most likely go unnoticed.
Watch out for more blogs about this exciting development in the coming months. In the meantime why not signup for a free, extended trial of our Office 365 Audit and Compliance module?