Skip to main content

Microsoft Policy And Compliance

An integration for Microsoft's management using PowerShell",

Need to find if a user viewed a specific document or purged an item from their mailbox? If so, use the MicrosoftPolicyAndComplianceAuditLog integration to search the unified audit log to view user and administrator activity in your organization.

The unified audit log contains events from

  • Exchange Online
  • SharePoint Online
  • OneDrive for Business
  • Azure Active Directory
  • Microsoft Teams
  • Power BI
  • and other Microsoft 365 services

You can search for all events in a specified date range, or you can filter the results based on specific criteria, such as the action, the user who performed the action, or the target object.

What does this pack do?

You can search for the following types of user and admin activity in Microsoft 365:

  • User activity in SharePoint Online and OneDrive for Business
  • User activity in Exchange Online (Exchange mailbox audit logging)
  • Admin activity in SharePoint Online
  • Admin activity in Azure Active Directory (the directory service for Microsoft 365)
  • Admin activity in Exchange Online (Exchange admin audit logging)
  • eDiscovery activities in the security and compliance center
  • User and admin activity in Power BI
  • User and admin activity in Microsoft Teams
  • User and admin activity in Dynamics 365
  • User and admin activity in Yammer
  • User and admin activity in Microsoft Power Automate
  • User and admin activity in Microsoft Stream
  • Analyst and admin activity in Microsoft Workplace Analytics
  • User and admin activity in Microsoft Power Apps
  • User and admin activity in Microsoft Forms
  • User and admin activity for sensitivity labels for sites that use SharePoint Online or Microsoft Teams

This pack includes:

  • MicrosoftPolicyAndComplianceAuditLog integration.
  • Azure Configuration Analysis - Helps you collect, review, and find misconfigurations with the Azure environment.
  • Azure Hunting playbook - Helps you collect and investigate suspicious security events from the Azure AD environment.


Cortex XSOAR


CertificationRead more
Supported ByCortex XSOAR
CreatedMarch 17, 2021
Last ReleaseDecember 21, 2021

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.