Overview

Top Operations by Service

This report shows you the most popular activities performed on each service (Azure AD, Exchange, SharePoint Online, OneDrive, Teams, PowerBI, Security & Compliance Center, Skype, Threat Intelligence, Yammer). You can filter by service or operation to find specific information, or you can review top operations across your entire environment.
There are advanced filtering options, including the option to search by date, user, activity and location. The chart overview is fully customisable, depending on the operation or service you need to see. Beneath the charts, you can see the detailed information about the amount of operations occurring, split by type. If you click on the magnifying glass, you can see specific events for that operation.

Failed Events

The Failed Events view provides a list of users who failed to authenticate against a Microsoft cloud service or were denied access to a cmdlet or feature in Office 365. This could indicate that the account is experiencing a brute force attack, or it might just be caused by a user that has forgotten their credentials.
You can investigate the event using the advanced filtering options, including the option to search by date, user, activity and location. The chart overview is fully customisable, and includes a map view (simply click on the cog or globe icon below the chart). The data table below provides important details about the event, such as the time, IP address, location, and failure reason.

Administrator Activities

This timeline shows a list of administration activities performed in Exchange Online and Azure AD. At the top of the timeline, you will find advanced filtering options, including the option to search by date, user, operation, and location. The chart overview is fully customizable, and includes a map view (simply click on the cog or globe icon below the chart to change the view).
The timeline features administrator activities in chronological order, showing the time and date for each event. You can scroll down the timeline to review activity. Any filters applied at the top of the timeline, will be reflected in the view here.

Mailbox Activity Events

This report provides a list of mailbox activities performed in Exchange Online. Important: you will need to enable Mailbox Auditing on your mailboxes to see these events.

 
The top view shows ‘Events per day’, ‘Top Users’ and ‘Top Operations’ by default, but this is fully customizable. Below, there is a timeline view, featuring mailbox activity events. The events are listed in a timeline view, and can be expanded to show more detail.
Like all the Security & Audit reports, you can apply advanced filters to this report, and drill down into the information to find the event or activity you need. Any filters applied at the top of the timeline, will be reflected in the timeline view below.

Exchange DLP Events (Beta)

This report lists the Data loss protection (DLP) events in Exchange Online, when configured via Unified DLP Policy. It is crucial to monitor any events whereby data could be a risk, or could be non-compliant with your DLP policies.
Use the timeline to review any events in your environment, and apply advanced filters to drill down into the information, and find the event or activity you need. Any filters applied at the top of the timeline, will be reflected in the timeline view below.

Teams Events

This report shows a list of audit events related to the Microsoft Teams workload. At the beginning of the page, you will find advanced filtering options, including the option to search by date, activities, users etc.

The top view shows ‘Events ’, ‘Top Channel Name’ and ‘Top Team Name’ by default, but this is fully customizable by clicking the cog icon. Any filters applied at the top of the page, will be reflected in the timeline view below.

Use the timeline to review any events in your environment, and click on the “All information” tab to expand and show more details about the event or activity you need. The view can also be changed to a table format to allow for adding or removing columns which can also be exported.

Sharing and Access requests

This report details all requests to share or access items from OneDrive or SharePoint. The top view shows an overview of activity, and it is fully customizable (just click on the cog icon in the bottom left of the chart).

As you can see below, the timeline shows a chronological view of activity, and events can be expanded to show a more detailed view. Like all the other Security & Audit reports, you can apply advanced filters to drill down into the information, and find the event or activity you need. Any filters applied at the top of the timeline, will be reflected in the timeline view below. The view can also be changed to a table format to allow for adding or removing columns which can also be exported. 

File and folder operations

This report lists all the files and folders that have been modified in OneDrive or SharePoint Online. The top view shows an overview of activity, and is fully customizable (just click on the cog icon in the bottom left of the chart).
As you can see, the timeline shows a chronological view of activity, and events can be expanded to show a more detailed view. Like all the other Security & Audit reports, you can apply advanced filters to drill down into the information, and find the event or activity you need. Any filters applied at the top of the timeline, will be reflected in the timeline view below.

SharePoint/ OneDrive Sync Operations

This report shows all files and folders that have been synchronized in OneDrive or SharePoint Online. The top view shows an overview of activity, and it is fully customizable (just click on the cog icon in the bottom left of the chart).
As you can see, the timeline shows a chronological view of activity, and events can be expanded to show a more detailed view. Like all the other Security & Audit reports, apply advanced filters to drill down into the information to find the event or activity you need. Any filters applied at the top of the timeline, will be reflected in the timeline view below.

SharePoint/ OneDrive DLP Events

This report shows a list of Data loss protection events in SharePoint and OneDrive when configured via Unified DLP Policy. The top view shows an overview of activity, and it is fully customizable.

Print Friendly, PDF & Email