Auditing

Tracking Exchange Online Client Connections/Versions

Posted on

exchange_online_banner_sm

For those Exchange Online administrators who need to keep up with the devices and mail applications being used when connecting with their Exchange Online Mailbox, this post is for you!

Exchange Online provides many remote powershell scripts and cmdlets that can be used not only to view/review information, but also to create/write updates, modifications, changes to everything from mailboxes to mail users (contacts) to groups and policies!

Connect to Exchange Online

http://help.outlook.com/en-us/140/cc952755.aspx

Once connected as an Exchange Online Administrator, also is typically an Office 365 Global Admin, you can use the following command to determine the different devices/protocols/applications being used when connecting into Exchange Online Mailboxes:

You can add an “> c:\temp\EXO_Client_Connection_Type.csv” to save the content into a spreadsheet for later review.

Get-ConnectionByClientTypeDetailReport | select Username,ClientType > c:\temp\EXO_Client_Connection_Type.csv

To run the command and see the output in the PowerShell command-shell/window, simply run the following:
Get-ConnectionByClientTypeDetailReport | select Username,ClientType

Example Output

UserName ClientType
RyBread J. Phillips MAPI
TestUserB EAS
TestUserC EAS
TestUserA EAS
RyBread J. Phillips EAS
RyBread J. Phillips EWS
RyBread J. Phillips MAPI
TestUserA OWA
TestUserA OWA

How Microsoft Protects Your Office 365 Data

Posted on Updated on

Hi all, I ran across this Microsoft Blog/Website, which discusses such matters as Microsoft’s stance on Data Protection and Privacy, as it relates all the Microsoft Cloud Services being provided today and thought others might benefit from this as well:

MS_is_listening

Auditing and Compliance in Office 365 for SharePoint & Exchange Messaging

Posted on Updated on

Auditing and Compliance in Office 365

Audience: Office 365 for Enterprise Administrators

Office 365 includes auditing and compliance features in Exchange Online and in SharePoint Online that you can use to help your organization meet its legal, regulatory, and organizational compliance requirements.  Office 365 administrators can configure these services for themselves without contacting Support.

Exchange Online

Here’s what you can do in Exchange Online to help your organization meet its compliance requirements:

  • Comply with data retention requirements or legal requirements by preventing the deletion of email messages.
  • Search for email items related to specific legal cases or requests from regulatory authorities.
  • Control the flow of messages and implement actions based on message content or on message senders and recipients.
  • Encrypt content and enforce email usage policies.

For more information, see Security and Compliance in Exchange Online for Office 365.

Exchange Online Audit Reports

Use audit logging to troubleshoot configuration issues by tracking specific changes made by administrators and to help you meet regulatory, compliance, and litigation requirements. Exchange Online provides two types of audit logging:

  • Administrator Audit Logging records any action, based on a Windows PowerShell cmdlet, performed by an administrator. This can help you troubleshoot configuration issues or identify the cause of security or compliance related issues.
    • Note – The following PowerShell operations against Exchange Online are not logged within Auditing lots:  Test-, Get-, and Search-.
  • Mailbox Audit Logging records whenever a mailbox is accessed by someone other than the person who owns the mailbox. Use this to see who’s accessing a mailbox and what they did.

Exchange Online Audit Reports:

SharePoint Online

Here’s what you can do in SharePoint Online to help your organization meet its compliance requirements:

  • Create and apply information management policies
  • Create content retention and expiration rules and policies
  • Search and create a hold to protect specific documents or items from expiration policies

For more information, see Records management and compliance in SharePoint Online.

SharePoint Online Auditing Reports

Configure Audit Settings for a Site Collection

You can use the SharePoint Online audit featureto track which users have taken what actions on the sites, content types, lists, libraries, list items, and library files of site collections. Knowing who has done what with a particular piece of information is critical for many business requirements, like regulatory compliance and records management.

Configure Events to Audit
  1. On the Site actions menu, click Site settings.
  2. If you are not at the root of your site collection, under Site Collection Administration, click Go to top level site settings.

Note:  The Site Collection Administration section will not be available if you do not have the necessary permissions.

  1. On the Site Settings page, under Site Collection Administration, click Site collection audit settings.
  2. On the Configure Audit Settings page, in the Documents and Items and List, Libraries, and Site sections, select the events you want to audit, and then click OK.

Which events you audit depends on your auditing needs. For example, regulatory compliance usually has specific requirements that will dictate which events you need to audit. We recommend that you only audit the events required to meet your needs. Additional unnecessary auditing can affect the performance and other aspects of the site collection.

Important   

If you are using SharePoint Online for Microsoft Office 365 for enterprises, auditing for Opening or downloading documents, viewing items in lists, or viewing item properties is not available because of storage and performance concerns.

View Audit Log Reports

You can use the SharePoint Online audit log reports to view the data in the audit logs for a site collection. You can sort, filter, and analyze this data to determine who has done what with sites, lists, libraries, content types, list items, and library files in the site collection. For example, you can figure out who deleted a particular piece of content.

View Audit Log Reports

To view an audit log report:

  1. On the Site actions menu , click Site settings.
  2. If you are not at the root of your site collection, under Site Collection Administration, click Go to top level site settings.

Note:  The Site Collection Administration section will not be available if you do not have the necessary permissions, such as by being a member of the default Site Collections Administrators group.

  1. In the Site Collection Administration section, select Audit log reports.
  2. On the View Auditing Reports page, select the report that you want, such as Deletion.
  3. Type or Browse to the library where you want to save the report and click OK.
  4. On the Operation Completed Successfully page, click “click here to view this report.”

Notes 

  • Excel 2010 must be installed to view audit log reports by clicking click here to view this report.
  • Alternatively, if opening documents in the browser is enabled for the library, go to the library where you saved the audit log report, point to the audit log report, click the down arrow, and then click View in Browser.

You can now use standard Excel features to narrow the reports to the information you want. Some ways in which you can analyze and view the log data include:

  • Filtering the audit log report for a specific site.
  • Filtering the audit log report for a particular date range.
  • Sorting the audit log report.
  • Determining who has updated content.
  • Determining which content has been deleted but not restored.
  • Viewing the changes to permissions on an item.