Level up Office 365 Auditing with SysKit Security Manager

Finding the right and prompt information about user activity in the vast expanse of your Office 365 cloud can be a real pain in the neck. You can spend minutes and even hours searching for the right Office 365 audit logs. 

Even when you find the logs you need, you can’t send them in a nice and understandable form to your boss, who, as a non-admin, can’t read that peculiar language of logs.

That’s where SysKit Security Manager comes to the rescue! Continue reading for a detailed breakdown of how it can help you do your Office 365 auditing, or check out a post with a quick overview of Security Manager’s Office 365 audit features.

Find Office 365 activities faster with contextual Office 365 auditing

As we mentioned, Office 365 is a vast expanse of apps, users, settings, and activity. If you’re an admin working for a company that uses Office 365 on a daily basis, you are aware of this administrative nightmare.  

You have probably pulled out your hair from despair more than once trying to figure out who removed Janie from the Azure Active Directory, who deleted a paycheck table in the Finance Office 365 Group or changed the sharing settings in your Microsoft Teams.  

Surely, you must have reached out to the audit logs report looking for much needed help. But as soon as you opened it, you must have realized how looking for the right log will take you more time than you expected. Since the audit log search page displays unified Office 365 audit logs for all user and admin activity, you will get a list of results that can go up to 5,000 events!  

There is a quicker solution. SysKit Security Manager displays logs in the context of a specific Office 365 Group, Microsoft Team, Site or OneDrive, which makes the job of searching for the right activity a lot easier! You can even search audit logs for a specific user.

So, if we take an example of deleting a paycheck table, you can navigate straight to the Office 365 Groups explorer, select the Group „Finance“, and find all activities related to it under the audit tab.  

Not only will you find your information faster with the contextual Office 365 audit logs display, but you can also customize how audit log search works by selecting only the activities you are interested in. This way you can avoid unnecessary clutter in your audit reports.  

Break the limitations of built-in Office 365 audit search  

Let’s take a look at the first example of Janie losing her access. Sure, the out-of-the-box Office 365 audit report comes with the search option, but it’s limited. A built-in search for ‘User X’ will only show actions performed by ‘User X’ and, in this case, you are missing that important piece of information – the user who removed Janie’s access.  

It would be much easier if you could enter Janie‘s name under the User in the search menu, and get the logs related to her, right? Well, wish no more! SysKit Security Manager returns all results related to a user which might have been performed by another user. So, you can find that activity of removing Janie’s access, even if you don’t know which user did it.  

Generate Office 365 audit logs from any period you want 

Let’s say you have got the task to analyze the Microsoft Teams usage adoption in your company. So you want to create a report with the Microsoft Teams user activity in the last six months.

Unfortunately, that wouldn’t be possible with the out-of-the-box Office 365 audit reports. With the standard (E3) license you can dig up audit logs for the events happening only in the last 90 days.  

Luckily, with Security Manager you can store and analyze audit data beyond the 90-day limit and keep your audit data as long as you want to.

You can customize the time frame when generating Office 365 audit logs, so you can go back in time and report on past activities. You can use the reports to make a comparison between past and current activities.  

Export and send Office 365 audit reports  

There are only a few predefined audit log reports in Office 365 activity that come with the Office 365 license. If you want to present them to other people, like auditors or managers, you need to use the built-in export option, which can be hard to read as it comes in a .csv format. To have a feeling of what we are talking about, take a look at the example below.

If you want to have a readable format, you need to export the data you want to showcase into Excel and send it manually. And that’s just way too time–consuming.  

SysKit Security Manager comes to the rescue once again! It offers a more user-friendly export to Excel with support for all advanced Excel functions like sorting and filtering.  All the log details are shown in expandable rows, so you can expand or collapse them as needed. Check how Security Manager’s export looks like in the example below.

This way, you can present your reports in an understandable format that business people can read much faster and further analyze.  

Also, you can automatically send reports to email addresses or a SharePoint library you have specified upfront. No need to think about whether you forgot to send that last monthly report, as SysKit Security Manager does the job for you. To learn more about this topic, read our guide on SharePoint auditing.