Need to find out whether a user viewed a specific document or purged an item from their mailbox? Use the MicrosoftPolicyAndComplianceAuditLog integration to search the unified audit log and view user and administrator activity in your organization.
The unified audit log contains events from:
- Exchange Online
- SharePoint Online
- OneDrive for Business
- Azure Active Directory
- Microsoft Teams
- Power BI
- Other Microsoft 365 services
You can search for all events in a specified date range, or you can filter the results based on specific criteria, such as the action, the user who performed the action, or the target object.
What does this pack do?
You can search for the following types of user and admin activity in Microsoft 365:
- User activity in SharePoint Online and OneDrive for Business
- User activity in Exchange Online (Exchange mailbox audit logging)
- Admin activity in SharePoint Online
- Admin activity in Azure Active Directory (the directory service for Microsoft 365)
- Admin activity in Exchange Online (Exchange admin audit logging)
- eDiscovery activities in the security and compliance center
- User and admin activity in Power BI
- User and admin activity in Microsoft Teams
- User and admin activity in Dynamics 365
- User and admin activity in Yammer
- User and admin activity in Microsoft Power Automate
- User and admin activity in Microsoft Stream
- Analyst and admin activity in Microsoft Workplace Analytics
- User and admin activity in Microsoft Power Apps
- User and admin activity in Microsoft Forms
- User and admin activity for sensitivity labels for sites that use SharePoint Online or Microsoft Teams
This pack includes:
- MicrosoftPolicyAndComplianceAuditLog integration.
- Azure Configuration Analysis - Helps you collect, review, and find misconfigurations in the Azure environment.
- Azure Hunting playbook - Helps you collect and investigate suspicious security events from the Azure AD environment.