
PowerShell scripts for Office 365

PowerShell scripts for Security and Compliance Logs

The unified audit log in the Office 365 Security and Compliance Center contains events from Exchange Online, Azure Active Directory, OneDrive for Business, Microsoft Teams, Power BI, and other Office 365 services. To search the contents of the administrator audit log, run the Search-AdminAuditLog cmdlet.

Admin activities report
Search-AdminAuditLog
[-Cmdlets <MultiValuedProperty>]
[-DomainController <Fqdn>]
[-EndDate <ExDateTime>]
[-IsSuccess <$true | $false>]
[-ObjectIds <MultiValuedProperty>]
[-Parameters <MultiValuedProperty>]
[-ResultSize <Int32>]
[-StartDate <ExDateTime>]
[-StartIndex <Int32>]
[-UserIds <MultiValuedProperty>]
[-ExternalAccess <$true | $false>]
[<CommonParameters>]

If you run the Search-AdminAuditLog cmdlet without any parameters, up to 1,000 log entries will be returned by default.

Search-AdminAuditLog -Cmdlets New-RoleGroup, New-ManagementRoleAssignment

This script finds all the admin audit log entries that contain either the New-RoleGroup or the New-ManagementRoleAssignment cmdlet.

Search-AdminAuditLog -Cmdlets Set-Mailbox -Parameters UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota -StartDate 01/24/2019 -EndDate 02/12/2019 -IsSuccess $true

This script finds all the admin audit log entries that match the following criteria:

  • Cmdlets: Set-Mailbox
  • Parameters: UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota
  • StartDate: 01/24/2019
  • EndDate: 02/12/2019
  • IsSuccess: $true
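As an added example (not part of the original page), the following flattens entries like those returned by the two searches above into one row per change and counts changes per caller, which is the usual first step when reviewing role or quota changes. The helper name ConvertTo-AuditRow and the sample entries are constructed for illustration; the property names read from each entry (RunDate, Caller, CmdletName, ObjectModified, Succeeded, CmdletParameters) are those of the objects Search-AdminAuditLog returns.

```powershell
# Added example, not from the original page. Helper name and sample data are constructed.
function ConvertTo-AuditRow {                      # hypothetical helper name
    param([Parameter(ValueFromPipeline)]$Entry)
    process {
        # CmdletParameters is a collection of Name/Value pairs; foreach skips it cleanly when empty.
        $params = foreach ($p in $Entry.CmdletParameters) { '{0}={1}' -f $p.Name, $p.Value }
        [pscustomobject]@{
            RunDate   = $Entry.RunDate
            Caller    = $Entry.Caller
            Cmdlet    = $Entry.CmdletName
            Target    = $Entry.ObjectModified
            Succeeded = $Entry.Succeeded
            Params    = $params -join '; '
        }
    }
}

# Constructed sample entries shaped like Search-AdminAuditLog output (all values are made up).
$sample = @(
    [pscustomobject]@{
        RunDate = [datetime]'2019-01-25T09:14:00'; Caller = 'admin1@contoso.example'
        CmdletName = 'New-RoleGroup'; ObjectModified = 'Helpdesk Tier 2'; Succeeded = $true
        CmdletParameters = @(
            [pscustomobject]@{ Name = 'Name';  Value = 'Helpdesk Tier 2' }
            [pscustomobject]@{ Name = 'Roles'; Value = 'Mail Recipients' })
    }
    [pscustomobject]@{
        RunDate = [datetime]'2019-02-03T22:41:00'; Caller = 'admin2@contoso.example'
        CmdletName = 'New-ManagementRoleAssignment'; ObjectModified = 'Mailbox Search-svc-backup'; Succeeded = $true
        CmdletParameters = @(
            [pscustomobject]@{ Name = 'Role'; Value = 'Mailbox Search' }
            [pscustomobject]@{ Name = 'User'; Value = 'svc-backup' })
    }
    [pscustomobject]@{
        RunDate = [datetime]'2019-02-04T08:02:00'; Caller = 'admin2@contoso.example'
        CmdletName = 'New-RoleGroup'; ObjectModified = 'Temp Auditors'; Succeeded = $false
        CmdletParameters = @()
    }
)

# Live use, in a session where Search-AdminAuditLog is available (ISO dates avoid locale ambiguity):
# $entries = Search-AdminAuditLog -Cmdlets New-RoleGroup, New-ManagementRoleAssignment `
#     -StartDate ([datetime]'2019-01-24') -EndDate ([datetime]'2019-02-12') -ResultSize 5000
$entries = $sample

$rows = $entries | ConvertTo-AuditRow
$rows | Sort-Object RunDate | Format-Table -AutoSize -Wrap                       # one row per change
$rows | Group-Object Caller | Sort-Object Count -Descending | Select-Object Count, Name   # changes per caller
```

Failed attempts (Succeeded = False) are kept in the output on purpose: a run of failed role-assignment attempts by one caller is worth the same attention as a successful change.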

Auditing with O365 Manager Plus

One-click access to audit reports: Instead of poring over the entire log or fiddling with the filter options in the Office 365 Security and Compliance Center, you can create audit reports and view all the audit data you need in a single click.
Advanced filtering: In the Office 365 Security and Compliance Center, you can only filter logs based on certain attribute values. With O365 Manager Plus, you can filter your logs based on any attribute, and perform multi-valued searches as needed.
Custom views: While Office 365 doesn't support custom views, you can create your own custom views with O365 Manager Plus to see filtered data, summarized data, or filtered, summarized data.
Graphical view: O365 Manager Plus' audit reports present audit data in graph format, so you can quickly and easily see what's happening in your Office 365 environment.
Export data: Using native Office 365 tools, you can only export data to a CSV file. But in O365 Manager Plus, you can export audit data in PDF, XLS, HTML, or CSV formats.