In a blog post on July 8, Microsoft announced new activity logging and reporting capabilities for Office 365. These new features will begin rolling out starting this month and will be available in the reports section of the Admin Compliance Center. These capabilities are especially important because one of the best and scariest features of Office 365 is the ability to easily share content – both inside and outside the organization – and the new capabilities make it much easier to look at what and how content is being accessed both inside and outside the organization. With the new activity logging, your admins will be able to monitor what is going on with your important information. This will help ensure that you are compliant with your own internal governance policies as well as legal and regulatory requirements.
An exciting aspect of this blog post is that Microsoft has also announced a preview of the Office 365 Management Activity API, which allows integration of this Office 365 activity data into existing third-party security and compliance reporting solutions, as well as those your organization may have created. This will enable far richer reporting and aggregation capabilities in these existing solutions, so it’s really a win for everyone, including the third-party solution vendors.
The new capabilities featured in the blog post include:
- Comprehensive logging: this capability captures events across SharePoint Online, One Drive for Business, Exchange Online and Azure Active Directory. More than 150 individual events can currently be examined, including File Uploaded or Downloaded (when a user uploads or downloads a document from SharePoint or OneDrive for Business), Access Invitation Accepted (user who gets an invitation to view or edit a shared document or folder has accessed the file), Shared Link Created (user creates a link to a shared file), and External Sharing Set (user shares a file or folder with a user outside their organization).
- Office 365 Activity Report: lets you look at an individual or group of user’s activity for a specific date range and set of activities or for a specific file, folder or site. The report is a way to explore and/or save the activities captured in the activity logs.
- PowerShell Access: allows you to search the activity logs using the Search-UnifiedAuditLog cmdlet.
These new capabilities in Office 365 will help mitigate some of the risks associated with allowing external sharing for Office 365 and will definitely help support compliance audits.