
Office 365 log monitoring can be an effective strategy for achieving cloud security and for using newly generated log data to gain insight into user behaviour and insider threats. By Office 365 logs, we mean the logs generated by cloud-based Office 365 applications such as Azure Active Directory (AD), SharePoint, Exchange, Sway and eDiscovery. This article explains the benefits of exporting and analyzing those logs in a SIEM or with an MSSP, as well as the information that can be extracted from them.

 

Benefits of Office 365 Log Monitoring

Unfortunately, the vast majority of organizations are at a loss when it comes to cloud security and are still discovering the possibilities and challenges of cloud environments. In fact, too many organizations are not aware of how cloud-based application logs can inform them about administrator-privilege access, endpoint user behavior, user access, log-in history (including log-in times and locations), and user sharing behavior.
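As an added illustration (not code from the original article or from the ArkAngel platform), the following example runs four simple rules over constructed audit records covering the signals listed above: privileged role changes, log-in history and sharing. The field and operation names (`Operation`, `UserId`, `ClientIP`, `ObjectId`, `UserLoggedIn`, `UserLoginFailed`, `Add member to role.`, `AnonymousLinkCreated`) are assumed to match the Office 365 audit export, the client IP stands in for location, and the failure threshold is a hypothetical value.

```python
import json
from collections import defaultdict

# Constructed sample records (not real tenant data). Field and operation names
# are assumptions about the audit export; verify them against your own logs.
SAMPLE = """
{"CreationTime":"2024-03-01T08:02:11","Operation":"UserLoggedIn","UserId":"alice@example.com","ClientIP":"198.51.100.10"}
{"CreationTime":"2024-03-01T08:10:00","Operation":"UserLoginFailed","UserId":"bob@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2024-03-01T08:10:30","Operation":"UserLoginFailed","UserId":"bob@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2024-03-01T08:11:00","Operation":"UserLoginFailed","UserId":"bob@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2024-03-01T09:15:42","Operation":"UserLoggedIn","UserId":"alice@example.com","ClientIP":"192.0.2.44"}
{"CreationTime":"2024-03-01T09:30:05","Operation":"Add member to role.","UserId":"admin@example.com","ObjectId":"bob@example.com"}
{"CreationTime":"2024-03-01T09:40:19","Operation":"AnonymousLinkCreated","UserId":"alice@example.com","ObjectId":"https://example.sharepoint.com/Shared/payroll.xlsx"}
"""
FAILED_THRESHOLD = 3  # hypothetical: failed sign-ins in a row before alerting

def detect(lines):
    """Return (time, rule, user, detail) findings for JSON-lines audit records."""
    seen_ips = defaultdict(set)   # user -> addresses with a successful sign-in
    failures = defaultdict(int)   # user -> failed sign-ins since last success
    findings = []
    for line in lines:
        if not line.strip():
            continue
        r = json.loads(line)
        op, user, when = r.get("Operation"), r.get("UserId"), r.get("CreationTime")
        ip = r.get("ClientIP", "")
        if op == "UserLoginFailed":
            failures[user] += 1
            if failures[user] == FAILED_THRESHOLD:
                findings.append((when, "repeated-failed-logins", user, ip))
        elif op == "UserLoggedIn":
            failures[user] = 0
            # The first address seen only establishes the user's baseline.
            if seen_ips[user] and ip not in seen_ips[user]:
                findings.append((when, "login-from-new-ip", user, ip))
            seen_ips[user].add(ip)
        elif op == "Add member to role.":
            findings.append((when, "admin-role-granted", user, r.get("ObjectId", "")))
        elif op == "AnonymousLinkCreated":
            findings.append((when, "anonymous-share-link", user, r.get("ObjectId", "")))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE.splitlines()):
        print(*finding, sep="  ")
```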

Monitoring Office 365 logs offers a variety of benefits for organizations, including increased security maturity and enhanced detection capabilities, which are traditionally part of Data Loss Prevention (DLP) solutions. By monitoring and analyzing Office 365 security logs in a structured way, for example with the ArkAngel platform, and following the control-based approach adopted at Hitachi, your organization can achieve greater security maturity and fulfill certain important controls among the 20 CIS Critical Security Controls, such as:

 

Examples of Office 365 Log Monitoring

Here are some examples of what can be detected by analyzing logs extracted from Office 365 services:

 

 

 

 

Benefits of Using a Third-Party Entity for Office 365 Log Monitoring

As explained above, Office 365 itself does a very good job of auditing. Unfortunately, the Office 365 portal for viewing logs has very limited functionality when it comes to searching (limited options), exporting (limited to 10,000 logs) and archiving (only possible for up to 90 days). Office 365 log monitoring services offered by third parties address these shortcomings and enable organizations to search better, export more logs and archive logs for longer periods. From a security perspective, it is considered best practice not to keep logs within the same system that generated them, because users with privileged rights can modify them. By engaging a third-party system to trace log data, your organization can overcome this shortcoming.

 

Conclusion

Office 365 log monitoring is an effective strategy for keeping your cloud-based applications secure and protected against data theft, security breaches and cyber attacks, and for making use of newly generated log data that would otherwise be left untouched. We have built an Office 365 Cloud Connector as part of our ArkAngel platform to meet today’s sophisticated cloud security requirements for Office 365 users. Curious about how it works? Get in touch with us today to learn more!
