Azure Active Directory group auditing
Grouping users in Azure AD can make your job as an administrator much easier, especially when it comes to policy application and permission management. When you group users in O365 Manager Plus, instead of granting rights to each user individually, you can just grant permissions to the group they are a part of. Whenever a new user is added to the group, they will automatically be granted permission to that group.
Since groups carry permissions, you need to track when users are added to or removed from groups to prevent critical resources from falling into the wrong hands. O365 Manager Plus, our extensive Office 365 reporting, management, and auditing solution, can help you do just that.
What can you audit with O365 Manager Plus?
The native Office 365 portal provides audit log information for created, modified, and deleted groups alone. O365 Manager Plus, on the other hand, provides a multitude of reports on the actions that go on in your Office 365 setup:
- Created group: Get details on groups created in Azure AD with information on group name, group ID, who created the group, and when.
- Updated group: Get details on groups modified by users with information on group name, group ID, operation performed, operation status, and more.
- Deleted group: Get details on groups deleted in Azure AD with information on group name, group ID, who deleted the group, and when. Deletion is quite important as this action may lead to a loss of access to resources.
- Added member to group: Get information on users added to a group. This helps you cross-check if the member can be added to that group or not.
- Removed member from group: Know when a user is removed from a group, with details on who removed them and when.
- Created group settings: Get audit details when new group settings have been configured.
- Updated group settings: Get audit details on modified group attributes.
Office 365 vs. O365 Manager Plus
- Long-term historical data: In native Office 365, there are limits to how long you can retrieve historical data based on the data being audited. O365 Manager Plus stores audit data indefinitely to maintain complete records.
- Real-time auditing: Instead of gathering data for audit reports every single time, O365 Manager Plus keeps audit reports updated in real time.
- Profile-based auditing: Instead of having to peruse the entire list of audit reports to find the right one (as required in Office 365), O365 Manager Plus lets you create your own profiles so you can view only those audit details you need to see.
- Group-based auditing: While auditing Azure AD, O365 Manager Plus lets you generate reports for user activities based on group membership. Native Office 365 can't audit user activities based on group membership.
- Advanced filtering: In native Office 365, you can only filter logs based on certain attribute values. Use O365 Manager Plus to filter your logs based on any attribute and perform multi-valued searches as needed.
- Custom views: While Office 365 doesn't support custom views, with O365 Manager Plus you can create your own custom views to see filtered data, summarized data, or summarized data that is filtered. [Learn more]
- Business hours auditing: Office 365 doesn't support restricted time frame auditing, but O365 Manager Plus lets you retrieve audit details based on business hours or a specific period of time.
- Export data: In native Office 365, you can only export data to CSV. In O365 Manager Plus, you can export audit data to PDF, XLS, HTML, or CSV.
Refer to our comparison chart to learn more about how O365 Manager Plus stacks up to the native tools in Office 365.