The native Microsoft 365 auditing tool does not show any disparity while fetching audit logs. It fetches audit logs round the clock and so does M365 Security Plus. But the advantage in using M365 Security Plus is that it offers a separate option to distinguish between the activities that take place within and outside the business hours of your organization. Most internal attacks can be traced back to a change or an activity that occurred past the usual work hours. So, having a focused approach towards monitoring such incidents helps you to protect your organization effectively.
The process is simple, consisting of two steps:
- Configuring business hours
- Fetching the required audit logs
1. Configuring business hours
In M365 Security Plus, you can configure the business hours of your organization as follows:
- Under the Auditing & Monitoring section, go to the Settings tab.
- Navigate to Configuration > Other Configuration > Business Hours.
- Check the box next to Configure Business Hours.
- Choose the working hours and days from the drop-down.
- Click Save.
2. Fetching the required audit logs
First, create an audit profile as per your requirements:
- Go to the Settings tab.
- Navigate to Configuration > Audit Configuration > Audit Profiles.
- Click the Add Profile option located in the top-right corner.
- Enter a suitable Name and Description for the audit profile.
- Choose a Microsoft 365 Service and Category from the drop-down.
- Select one or multiple Actions that you want to audit.
- Under Advanced Configuration > Filter Settings, check the box next to Business Hours Filter.
- Click Add.
After creating the audit profile:
- Go to the Audit tab.
- Select the profile you created from the left pane.
- Choose the report for which you want to view data.
- In the Business Hours drop-down, choose Non-Business Hours.
- The report will refresh automatically and show the audit data logged during non-business hours.
You can export the report to PDF, CSV, HTML, or CSV format using the Export As option found at the top-right corner, or you can email the report directly from M365 Security Plus by choosing More > Send Mail from the top-right corner of the page.