Audit Profiles

Under this section you can enable an audit at a frequency. You can also add new audit profiles, under a particular category, and perform actions corresponding to the category. The profile added can then be viewed in the Audit Tab, under the configured Service and Category.

Under this section you can:

Enable auditing
Add new alert profile
View an existing profile
Modify an existing profile
Delete an existing profile

To enable Auditing

Go to the Settings tab.
Select Configuration → Audit Configuration → Audit Profiles in the left pane.
Choose the Microsoft 365 tenant.
To enable audit, tap the Enable Audit toggle bar.
You can set a frequency interval at which you would like to Fetch Data.

To add a new profile:

Go to the Settings tab.
Select Configuration → Audit Configuration → Audit Profiles in the left pane.
Click Add profile.
In the profile configuration page,
- Give a Profile Name and Description of your choice.
- Select the Microsoft 365 service and the Category from the respective drop-down lists.
- Select the Actions that must be audited. Multiple actions can be selected.
- Click on Advanced Configuration to refine the audit reports.
  - Select Business Hours Filter to choose whether the audit logs should be collected during business hours or non-business hours. If you haven't configured your business hours in the tool, you will be prompted to configure before using this feature. Click here to know how to configure business hours.
  - Select the Filter by Column option to set attribute-based conditions, based on which the audit logs must be displayed. Use the + option to add multiple conditions.
- Click Add.
- Now you will be taken to the Configure Profile page, where you can see the profile you created listed in the table along with the other profiles. Click View Report in the Reports column to view the consolidated report.

In the Filter section, the attribute Target refers to the object on which the action must be performed, and Caller refers to the object which performs the action.
The audit report generated for the group will constitute all the members present in the group at the time of view.

View an existing profile

Go to the Settings tab.
Select Configuration → Audit Configuration → Audit Profiles in the left pane.
Click icon if you are looking for a specific profile.
You can view profiles of a specific Microsoft 365 Service or/and Category by clicking the corresponding tab.
You can also view Enabled/Disabled profiles using the Filter option found at the top right corner of the table.

Modify an existing profile

Go to the Settings tab.
Select Configuration → Audit Configuration → Audit Profiles in the left pane.

Manage an existing profile

Go to the Settings tab.
Select Configuration → Audit Configuration → Audit Profiles in the left pane.
Select the checkbox corresponding to the profile that you wish to manage. You can select multiple profiles.

Select Manage drop-down found at the left corner of the table.

Click the icon under the Actions column, if you wish to enable a disabled profile.
Click the icon under the Actions column, if you wish to disable an enabled profile.
Click the icon under the Actions column, if you wish to delete a profile.

Modify an existing profile

Go to the Settings tab.
Select Configuration → Select Manage drop-down found at the left corner of the table.

Click the icon under the Actions column, if you wish to edit a profile.
On the Audit Profile Configuration page, you can edit the Profile Name, Description, Microsoft 365 Service, Category the profile falls into as well as the Actions the profile takes when enabled.

Delete an existing profile

Go to the Settings tab.
Select Configuration → Audit Configuration → Audit Profiles in the left pane.
To delete a single audit profile, click the corresponding icon, found under the Action column.
To delete multiple audit profiles, select the checkbox corresponding to the profiles you want to delete, and select the icon found at the top of the table.

Targets

These are objects on which mailbox login, delete modification and more such events can be performed. They are further classified as users and groups.Target users constitute all the Azure Active Directory user accounts.

Callers

These are objects who perform events like mailbox login, deletion, creation and much more on the Target Objects.

They are further classified as users and groups.Target users constitute all the Azure Active Directory user accounts.

Report Generation

When you want to generate a report, you can choose the corresponding users as well as groups and a cumulative report will be generated. For Target Groups, the report will be generated only for current group members.

For example, assume that mailbox 'A' has been delegated to user 'X' and 'Y'. In order to create a profile, which will report the non-owner accesses of mailbox "A", the Target will be Mailbox A and the Callers can be anyone.

Previous Topic Next Topic