Using Exchange Session Identifiers in Audit Log Records

Exchange Online now captures session identifiers in its mailbox and admin audit records that are ingested in the Office 365 audit log. That’s interesting and useful, but how do you access and interpret this information on a practical level?

Advertisements

Exchange Online Adds Message Access to Audited Actions

Exchange Online will soon capture audit records for any access to a message in a mailbox. Initially, the audit records will not be ingested into the Office 365 audit log, but that will happen in the future.

Restricting the Flow of Audit Data for User Office 365 Activities to Microsoft

Following a Dutch report saying that Office 365 might violate GDPR, some thoughts about how to restrict some of the flows of information from an Office 365 tenant to Microsoft.

Using the Office 365 Audit Log to Find SendAs Events

Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.

Microsoft Increases Audit Storage Period for Office 365 E5 (But Still Struggling with a Truncation Problem)

Microsoft has updated its retention period for Office audit records from 90 to 365 days, but only for accounts with Office 365 E5 licenses. On another front, the problem with truncated audit records for Azure Active Directory events still persists.