[KB] Office 365 Auditing : 4 activities that you should never miss

[KB] Office 365 Auditing : 4 activities that you should never miss

Office 365 auditing is an effective way to get insights about user activities, and insider threats. Among the plethora of activities to be audited, there are four must-audit activities, that help you to identify the most common attacks like, brute-force attack, insider attack, elevation of privilege attack, etc. Below are those four important activities that must be audited:

 

  • User accesses: Know who is accessing your Office 365 subscription, when, and from where. By establishing a baseline of normal user access behavior, you can then identify anomalous or suspicious user activities, for example, a user trying to sign in from a country where your organization doesn’t have any presence. In addition, spikes in repeated login attempts can alert you to a potential bruteforce login attack


  • Admin activities: Once attackers gain access to your environment, they often try to elevate their privileges to gain more control and access to your sensitive data—as do malicious insiders. Monitoring changes to admin roles and access rights can alert you to potential external and internal threats.



 

Click here to know about all the activities that can be audited with O365 Manager Plus.