Office 365 log analytics. Once ingested, we can visualize the data through workbooks.

Office 365 log analytics General and DLP. If you need a maximum of ten years – then you will need a third license (10-year Audit Log Retention add-on) option. Mar 14, 2021 · Under Configuration, click Data connectors. Note that the service usage log is not the log of individual user actions. Jan 13, 2022 · Microsoft Sentinel is Microsoft’s log aggregator. Sep 18, 2025 · Within the Audit log search screen, Power Platform admins can search audit logs across many popular services including eDiscovery, Exchange, Power BI, Microsoft Entra ID, Microsoft Teams, customer engagement apps (Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Field Service, Dynamics 365 Marketing, and Dynamics 365 Project Service Automation), and Microsoft Power Apps. Apr 2, 2024 · Learn how to use workbooks in Entra ID to audit Microsoft Entra sign-ins, Conditional Access policies, and SSPR for effective identity and access management. By collecting and analyzing data from Office 365 using Sumo Logic’s log analysis app, you gain a deep understanding of how your users interact with the diverse O365 apps. Along with other data, Sentinel can ingest events from the Office 365 audit log. Mar 29, 2022 · We have the Office365 Unified Audit log brought into an Azure Log Analytics Workspace, however I cannot find events that relate to Microsoft Stream. Let’s get started with the configuration! Aug 1, 2018 · Problem: various apps and TAs exist but none of them are reliable and/or supported. You can visualize and analyze Microsoft 365 usage data, create custom reports and share the insights within your organization. Collect / retrieve Office365, AzureAD and DLP audit logs and output to PRTG, Azure Log Analytics Workspace, SQL, Graylog, Fluentd, and/or file output. May 20, 2022 · This license will extend the period to one year.
However, sometimes security teams require custom reporting solutions to create dedicated views Manage audit log retention policies - Microsoft 365 Compliance | Microsoft Docs For Azure Audit Logs/sign in Logs, I forwarded the log to Log analytics and set the log analytics to keep logs for one year. Learn about how Microsoft 365 uses comprehensive audit logging and monitoring to support security monitoring, maintain service availability, and meet compliance requirements. Nov 22, 2018 · How to monitor Office 365 with Azure Log Analytics Azure Log Analytics offers a specific solution that consolidates, within the Log Analytics workspace, different information from the Office 365 environment, making it simple and intuitive to consult the data. - ddbnl/office365-audit-log-collector Nov 9, 2020 · Send the data (Office 365 Management API and Graph API) to Azure Sentinel Log analytics workspace via custom log tables: JSON Request body: @{body('HTTP_-_GraphAPI')} Feb 22, 2023 · For information, see the Data Loss Prevention entries in the Exchange Online Service Description. Collect / retrieve Office365, Azure and DLP audit logs and output to PRTG, Azure Log Analytics Workspace, Graylog, and/or file output. Therefore, it's essential to regularly audit password changes and resets. I am not sure, but by default Log analytics keeps logs for 7 days or 30 days for free. Prerequisites You need to have an Azure Subscription, ability to create an Azure Function App. May 23, 2025 · Microsoft 365 (M365) provides comprehensive logging capabilities to track user activities, administrative actions, security events, and more across its cloud services[2] [1]. This is an analytics engine that extracts much more analytics from M365 than is available out of the box. Click Open connector page.
The events show up fine in the Compliance Centre Audit Log, but they are not in Azure Log Analytics in the expected "OfficeActivity" Table. Please note that it can take up to 24 hours for Office 365 audit logs to be ingested in the Azure Log Analytics and to become visible in Azure Sentinel. Since that time Azure Sentinel (which sits on top of Azure Log Analy… Sep 16, 2024 · Use Microsoft 365 usage analytics within Power BI to gain insights on how your organization is adopting the various services within Microsoft 365. These templates will give you an example of how to build a Microsoft Defender for Office 365 custom report using Power BI. Aug 29, 2025 · A Log Analytics workspace is a data store into which you can collect any type of log data from all of your Azure and non-Azure resources and applications. I'd suggest you try AdminDroid Office 365 Reporting tool. I would like to send all of the Unified Audit Log from M365 Tenant A to log analytics for storage, alerts, etc. in Tenant B. Sample KQL queries for Azure Log Analytics against Office 365 audit logs and Azure AD Audit or Sign-in logs. Azure Welcome to the Office 365 Advanced Analytics project home. This way you can visualize Microsoft Defender for Office 365 (MDO) data based on your organization's needs. Previously, MyAnalytics was only available with an Enterprise E5 plan or as an add-on to E1 and E3 plans. Azure Sentinel now enables Office 365 single-tenant connection. This guide will help you easily track password changes, audit resets, and monitor the last password change for each user, ensuring you meet security standards and reduce risks. Some of the use cases you can solve with this data in Azure Monitor As you plan your Microsoft Sentinel deployment, you typically want to understand its pricing and billing models to optimize your costs. Dec 5, 2024 · Learn how to analyze audit, sign-in, and provisioning logs Microsoft Entra ID using Log Analytics queries.
Microsoft Purview Audit (Premium) is part of Microsoft & Office 365 E5, Microsoft 365 E5 Compliance, and Microsoft 365 E5 eDiscovery and Audit. Usage Analytics tracks and analyzes user activities across applications such as Microsoft Word, Excel, PowerPoint, Outlook, Teams, SharePoint, and more. May 23, 2019 · To use the relevant schema in Log Analytics for the Office 365 logs, search for OfficeActivity. Jun 21, 2023 · You’ll mostly want to export the logs to a Log Analytics Workspace, because it gives you the possibility to comfortably query the data via the Kusto Query Language (KQL). Billing is based on the volume of data analyzed in Microsoft Sentinel and stored in the Log Analytics workspace. Where Diagnostic Logs are sent (Storage Account, Event Hubs, and/or OMS Log Analytics). How can I ingest it? I do NOT mean only Azure Log-Ins which I can send by adding a Diagnostics Settings in Azure… Log collection from many security appliances and devices are supported by the data connectors Syslog via AMA or Common Event Format (CEF) via AMA in Microsoft Sentinel. The Azure Function App uses a PowerShell script to collect Office 365 Audit. Workspace configuration options let you manage all of your log data in one workspace to meet the operations, analysis, and auditing needs of different personas in your organization through: Azure Monitor features, such as built-in insights How to Audit Password Changes in Microsoft 365 Unauthorized password changes can compromise accounts and lead to data breaches in Microsoft 365. Sep 24, 2019 · At this point, we've connected the tenant - now we can go and digest the data in log analytics with the link in the connector: Office 365 Data Connector in Azure Sentinel has successfully been configured. Mar 5, 2024 · Microsoft 365 usage analytics provides a dashboard in Power BI that offers insights into how users adopt and use Microsoft 365. You need to have an account with permissions to run get-messagetrace in Office 365. 
With the enriched properties from Global Secure Access, log data includes device information related to the user activities. Oct 16, 2025 · Learn about supported data connectors, like Microsoft Defender XDR (formerly Microsoft 365 Defender), Microsoft 365 and Office 365, Microsoft Entra ID, ATP, and Defender for Cloud Apps to Microsoft Sentinel. Jan 8, 2025 · Microsoft Defender for Office 365 Detection Details Report – Updated Power BI template for Microsoft Sentinel and Log Analytics Learn more about Microsoft Defender XDR. Including Exchange, SharePoint and Teams logs. These logs are crucial for security monitoring, compliance audits, and troubleshooting. Select Office 365 connector. This article provides an overview of Microsoft 365’s audit logging Oct 11, 2025 · Learn how to start collecting data for your tenant by using the Microsoft 365 Usage Analytics template app in Power BI. Gain actionable insights into your Microsoft Teams usage & create reports to help improve your business performance with Analytics 365. ² Defender for Office 365 is available in Office 365 Enterprise E5, but you can also purchase Defender for Office 365 as an add-on to other subscription plans. The valuable information provided by the real-time analytics helps optimize your Office 365 integration for both security and compliance purposes. The AppID principal has Log Analytics Reader permissions to both the Log Mar 6, 2024 · Analytics for Office 365 refers to the process of collecting, analyzing, and interpreting data from various applications within the suite, such as SharePoint, Teams, and Exchange. Forwarding your logs to Azure Monitor lets you observe your Customer Instance - Data instance with great flexibility.
Sentinel/Log Analytics version: Requires the Defender XDR connector in Sentinel for the EmailEvents, EmailPostDeliveryEvents, EmailUrlInfo, UrlClickEvents and May 19, 2021 · Table 1: Log Retention in Azure AD under different license tiers Conditional Access Insights and Reporting Workbook The Conditional Access Insights and Reporting Workbook is based on an Azure Log Analytics Workspace and allows for both the retention of logs past the Azure AD defaults and provides a nice dashboard to make sign-in logs a lot more user friendly and informative at a glance. Below, we outline the key types of logs in M365 and provide a step-by-step guide to ensure all logging is fully enabled and Oct 27, 2025 · The Microsoft 365, Office 365 extension uses audit logs to count users of the O365 services and, optionally, to report user usage of the O365 services. I want to enable log analytics in office 365 tenant with the same subscription of Azure. Apr 6, 2023 · I have 2 tenants, one office 365 tenant and one azure tenant. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent. Sep 29, 2025 · Audit logs play an important role in maintaining, troubleshooting, and protecting both customer tenants and the internal Microsoft 365 infrastructure. Background – What’s Data Loss Prevention? Azure Monitor resource logs let you monitor and send logs to Azure Storage, Azure Log Analytics, or stream them to Azure Event Hubs. This gives you a great overview … Jul 4, 2019 · I'm using Client Credentials to query Office 365 Audit data stored in Log Analytics. Search Office 365. How long each log category should be retained in a Storage Account, with a retention of zero days meaning that logs are kept forever.
Jan 13, 2025 · Implementing this script as part of an Azure Function will allow you to ingest Office 365 Message traces to Log Analytics. Microsoft Viva Insights offers tools and resources to enhance productivity, well-being, and collaboration through data-driven insights and recommendations. Oct 7, 2021 · Discovering Microsoft 365 Logs within your Organization Part 1 Unified Access Log (UAL) I was recently asked to deliver a session around hunting Microsoft 365 logs to help an organization determine the various methods and limits to each. This seemed like an easy ask and I was sure someone already put together content. Feb 14, 2024 · Microsoft Graph is an interface that enables developers and admins to access and manage a wealth of data across Microsoft 365 services. The analytics provide deep Office 365 usage insights to IT admins and companies into how their employees are using Office 365. May 21, 2025 · Security teams in both small and large organizations track key metrics to make critical security decisions and identify meaningful trends in their organizations. The cost of both is combined in a simplified Oct 2, 2025 · Describes how to connect to Azure Log Analytics and provides four available configuration scenarios. Review the dashboard and overview Going back to my Azure Sentinel dashboard, I can see an overview of what's been happening. Jan 2, 2019 · MyAnalytics —the fitness tracker for work—will be available to everyone using Office 365 and Microsoft 365 Enterprise and Business suites that include Exchange Online. Defender for Office 365 has rich, built-in reporting capabilities that provide insights into your security posture to support these needs. Once Nov 4, 2024 · Learn how to use the sign-ins using legacy authentication workbook in Microsoft Entra ID to identify apps using legacy methods.
How can I achieve it? What table is the data stored in? Anyone? May 6, 2025 · What the logs provide Microsoft 365 audit logs provide information about Microsoft 365 workloads, so you can review network diagnostic data, performance data, and security events relevant to Microsoft 365 apps. Aug 5, 2020 · Office 365 provides the usage analytics dashboard which is powered by Power BI. Microsoft Sentinel's security analytics data is stored in an Azure Monitor Log Analytics workspace. Oct 28, 2019 · A few months ago I shared a tweet with a few quick links for learning about Kusto Query Language (KQL) and Azure Log Analytics. You can view the activities trend by Event time/Office 365 services/ User/Performed operation, etc. We could have just as easily sent the results to Google Mail or a Slack channel. Apr 14, 2025 · Audit logs for Office 365 tenants collected by Azure Sentinel. All Activity logs and ingests into a custom table in Azure Sentinel (custom tables end with _CL when created in Log Analytics). The most difficult part for me is that, Need automatic authentication in powershell, with current login admin account privilege for export, then proceed export reports. For more information, see the Microsoft Defender for Office 365 Service Description. The secrets for the required connections are stored in Azure Key Vault. Mar 11, 2025 · Forward logs from Dynamics 365 Customer Insights - Data using Azure Monitor. Once ingested, we can visualize the data through workbooks. Who has access? Dec 21, 2022 · Learn to set up Microsoft Sentinel with Office 365 and other services for threat detection and execute an automated response to protect your environment. Because of the scale at which Microsoft 365 operates, Microsoft strategically manages the collection and processing of audit logs to ensure efficient and effective monitoring.
May 16, 2022 · Office365 Unified Audit log bring into an Azure Log Analytics Workspace Hi, the task is simple I guess, but somehow I'm failing to find the information I need. The Office 365 activity log connector provides insight into ongoing user activities (e.g. file downloads, access requests sent, changes to group events, etc.). Jul 9, 2019 · For our example we will first connect to a Log Analytics Workspace, run a Kusto Query, and then email the alerts using Office 365. Microsoft Graph activity logs (preview) enhance the security analysis by storing the logs in the Azure Log Analytics interface or enabling exporting Jan 11, 2025 · In this blog post, I will show you the steps on how to enable Microsoft 365 usage analytics. Sep 18, 2019 · This is something I’ve been hoping and waiting for, and it’s finally out and available to most Office 365 subscription plans… the MyAnalytics Dashboard. I would like to ingest Office365 telemetry (unified audit logs and whatever else is there) into my Log Analytics workspace. Mar 30, 2023 · I have 2 Tenants. Among its key features, activity logs play a crucial role in monitoring and maintaining Microsoft 365 security. In this article, you learn how to export, configure, and view Microsoft 365 audit log records. Microsoft 365 usage analytics provides useful insights about users using Microsoft 365 services and apps. The dashboard is just a starting point to interact with the usage data. Apr 21, 2020 · Before Azure Sentinel, the Log Analytics had an O365 solution that you could install to the Log Analytics workspace to get O365 events to the workspace (This solution will be deprecated in the near future). It has 18 visually appealing dashboards to show Office 365 usage and adoption. (the usage and activity reports same as in Office 365 admin center) Is there anyone could help to give me some sample for this? Thank you very much. If you have an Azure subscription, it’s surprisingly easy to take advantage of the 31-day trial to see if Sentinel can do a job for your organization.
The core part of this solution is an ingestion engine that collects enhanced M365 usage data and stores it into a single SQL Server database. Which log categories are sent. file downloads, access requests sent, changes to group events, etc. Now, you can ingest O365 data to Azure Sentinel with an O365 data connector.