Audit Profiles

Under this section you can enable an audit at a frequency. You can also add new audit profiles, under a particular category, and perform actions corresponding to the category. The profile added can then be viewed in the Audit Tab, under the configured Service and Category.

Under this section you can:

To enable Auditing

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Audit Profiles in the left pane.
  • Choose the Office 365 tenant.
  • To enable audit, tap the toggle bar.
  • You can set a frequency interval at which you would like to Fetch Data.

To add a new profile:

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Audit Profiles in the left pane.
  • Click Add profile.
  • In the profile configuration page,
    • Give a Profile Name and Description of your choice.
    • Select the Office 365 service and the Category from the respective drop-down lists.
    • Select the Actions that must be audited. Multiple actions can be selected.
    • Click on Advanced Configuration to refine the audit reports.
      • Select Business Hours Filter to choose whether the audit logs should be collected during business hours or non-business hours. If you haven't configured your business hours in the tool, you will be prompted to configure before using this feature. Click here to know how to configure business hours.
      • Select the Filter option to set attribute-based conditions, based on which the audit logs must be collected. Use the + option to add multiple conditions.
    • Click Add.
    • Now you will be taken to the Configure Profile page, where you can see the profile you created listed in the table along with the other profiles. Click View Report in the Reports column to view the consolidated report.
  • In the Filter section, the attribute Target refers to the object on which the action must be performed, and Caller refers to the object which performs the action.
  • The audit report generated for the group will constitute all the members present in the group at the time of view.

View an existing profile

  • Go to theSettings tab.
  • Select Configuration → Audit Configuration → Audit Profiles in the left pane.
  • Click Search icon if you are looking for a specific profile.
  • You can view profiles of a specific Office 365 Service or/and Category by clicking the corresponding tab
  • You can also view Enabled/Disabled profiles using the Filter option found at the top right corner of the table.

Modify an existing profile

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Audit Profiles in the left pane.
  • Select the checkbox corresponding to the profile that you wish to modify. You can select multiple profiles.
  • Select Manage drop-down found at the left corner of the table.
    • Click Enable icon under Actions column, if you wish to enable a disabled profile.
    • Click Disable under Actions column, if you wish to disable an enabled profile.
    • Click Edit under Actions column, to make any changes to the existing profile.

Delete an existing profile

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Audit Profiles in the left pane.
  • To delete a single audit profile, click the corresponding delete icon, found under the Action column.
  • To delete multiple audit profiles, select the checkbox corresponding to the profiles you want to delete, and select the delete icon found at the top of the table.

Target Objects:

These are objects on which mailbox login, delete modification and more such events can be performed. They are further classified as users and groups.Target users constitute all the Azure Active Directory user accounts. Target groups are the Active Directory groups.

Target Callers:

These are objects who perform events like mailbox login, deletion, creation and much more on the Target Objects.

They are further classified as users and groups.Target users constitute all the Azure Active Directory user accounts. Target groups are the Active Directory groups.

Report Generation:

When you want to generate a report, you can choose the corresponding users as well as groups and a cumulative report will be generated. For Target Groups, the report will be generated only for current group members.

For example, assume that mailbox 'A' has been delegated to user 'X' and 'Y'.In order to create a profile, which will report the non-owner accesses of mailbox "A", the Target Object will be Mailbox A and the Target Callers will be Users X and Y.

Get download link