Office 365 Security Monitoring

Monitoring Office 365 logs for security reasons is critical to ensuring the safety and integrity of your organization’s data and applications. Office 365 logs contain valuable information about user activity, system events, and application performance, which can help you detect and prevent potential security threats and compliance violations.

By monitoring Office 365 logs, we can quickly identify suspicious user behaviour, such as unauthorized access attempts, and investigate potential security incidents. We can also track activity across multiple Microsoft 365 services, including Exchange Online, SharePoint Online, and OneDrive for Business, giving comprehensive coverage of your Microsoft 365 environment.

How Does It Work?

Many regulatory frameworks, such as HIPAA and GDPR, require organizations to maintain audit logs beyond the Microsoft 365 retention periods and to monitor them regularly for security and compliance purposes.

To enable our analysts to monitor your Microsoft 365 tenancy:

In Azure Active Directory, create a new App Registration:

  1. Name: FoxTech-SOC
  2. API Permissions (all Application Permissions)
    1. Office 365 Management APIs:
      1. ActivityFeed.Read
      2. ActivityFeed.ReadDlp
    2. Microsoft Graph API:
      1. AuditLog.Read.All
    3. Grant Admin Consent
  3. Create a new Secret, note the Key name and Value, and send these to us.
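
Once admin consent is granted, the registration should hold exactly the three application permissions listed above and nothing broader. The following is an added example, not FoxTech's own tooling: it inspects the `roles` claim of an app-only access token and reports permissions that are missing or in excess of that list. The audience URLs, function names and sample tokens are assumptions made for the illustration.

```python
import base64
import json

# Application permissions from the steps above, keyed by the token's "aud" claim.
# Assumption: tokens carry these resource URLs as audience (a Graph token may
# instead carry the resource's application ID; add it here if yours does).
EXPECTED_ROLES = {
    "https://manage.office.com": {"ActivityFeed.Read", "ActivityFeed.ReadDlp"},
    "https://graph.microsoft.com": {"AuditLog.Read.All"},
}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str) -> dict:
    """Compare the token's app roles with what the monitoring app should hold."""
    claims = jwt_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in EXPECTED_ROLES:
        raise ValueError(f"unexpected audience: {aud!r}")
    granted = set(claims.get("roles") or [])  # empty when no app roles were granted
    expected = EXPECTED_ROLES[aud]
    return {
        "audience": aud,
        "missing": sorted(expected - granted),  # not added, or consent not granted
        "excess": sorted(granted - expected),   # broader than the steps require
    }


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: a Graph token for an app that was also given Mail.Read.
    tok = sample_token({"aud": "https://graph.microsoft.com",
                        "roles": ["AuditLog.Read.All", "Mail.Read"]})
    print(audit_roles(tok))
```

A non-empty `excess` list means the registration can read more than audit data and should be trimmed before the secret is shared.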