Restricting the Flow of Audit Data for User Office 365 Activities to Microsoft

Following a Dutch report saying that Office 365 might violate GDPR, some thoughts about how to restrict some of the flows of information from an Office 365 tenant to Microsoft.

Advertisements

Office 365 Privileged Access Management: Too Flawed and Too Exchange?

Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?

Using the Office 365 Audit Log to Find SendAs Events

Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.