Forum Discussion
Deleted
Sep 23, 2016
Documenting Office365 Configuration set for Tenant
Hello All, I am in the process of documenting our entire O365 tenant so that we can maintain a baseline of our O365 infrastructure. I would like to collect some of the important points for Servic...
- Sep 23, 2016
The reports at https://support.office.com/en-us/article/Reports-in-the-Office-365-Security-Compliance-Center-7acd33ce-1ec8-49fb-b625-43bac7b58c5a and at https://support.office.com/en-us/article/View-and-download-reports-about-service-usage-in-Office-365-30E5558F-D3C0-4A3B-A0D5-58FC7750C0AD?ui=en-US&rs=en-US&ad=US should help you get started.
Screenshots are also very helpful, but have a limited lifetime because the screens are changed by MS.
Given that MS changes the APIs without notice, you will never be able to fully define a comprehensive detailed baseline. You need to determine which settings truly matter to your org and then you can use the reports above to audit any changes.
Sep 23, 2016
I think the first thing you need to be clear on is how deeply you want to document your Office 365 deployment and also the amount of time/work you want to dedicate to this task... I'm saying this because there are many third-party tools that could help you with this task. Also bear in mind Office 365 reports.
- Jason Dunbar, Oct 05, 2017, Brass Contributor
Hi folks - this is something I've been looking at too.
Scenario: an administrator makes a change to the Sharing outside your organisation setting, within the Sharing settings screen in the SharePoint admin center. I need to be able to determine the change that was made; if possible the previously configured state or value, and of course when.
Ideally, I'd like to document a baseline configuration and then gather activities from the audit log (either from Office 365 Security and Compliance, or through a PowerShell remote session to the Office 365 Admin API). Of course, what's not ideal is that somebody has to manually click through the admin center once a month to determine if the current state matches the baseline.
How does one query the audit log for the setting mentioned in the above scenario?
Is there a better approach altogether that I'm missing?
- Carly Logan, Mar 17, 2018, Copper Contributor
Would love to know if you have solved this. I have been struggling with this for several weeks myself.
- Jason Dunbar, Jun 19, 2018, Brass Contributor
I'm afraid I never did really crack this one.
There was a certain degree that just had to be accepted, without being documented - and the risks mitigated accordingly.
Keen to see what options you may find :-)
- Robert Luck, Oct 05, 2017, Iron Contributor
What do you mean by 'baseline configuration'?
You can easily set an alert for a particular activity in the security and compliance center.
- Jason Dunbar, Oct 05, 2017, Brass Contributor
What I mean is that for the purpose of regulatory compliance, an organisation may need to record the configuration of a platform and be able to approve that it's been tested against in order to mitigate risk.
Now suppose we've recorded that configuration and somebody then changes it outside of a formal CR process, we need to find a way of being informed of that.
Initially the folks I'm working with suggested a full export of any admin config options available - whether through PowerShell or other means. Then periodical re-exports to compare. I don't think this is efficient and went down the path of audit querying/reporting and alerts - most definitely the right way to go.
Anyhow, I've since gone into a test tenant of mine and made a change in SharePoint Online Admin Center > Settings > Custom Script > Prevent users from running custom script on personal sites. I've set it from enabled to disabled.
When looking at the Audit Log activities for that operation, I see that a user (the admin, me in this case) has visited the page, but I have no information at all about what was configured differently; that being my problem here :-)
- Dean_Gross, Oct 05, 2017, Silver Contributor
You are using the only approach; the Audit Log Search reports any "Changed A Sharing Policy" activity. Run a search with that value and you will get the info you need.
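The audit-log approach discussed in this sub-thread, as an added example that is not part of any post here: it reduces audit records to who/when/old/new rows and checks each new value against a recorded baseline. The two records are constructed samples, `ShareWithGuests`, `Get-ConfigDrift` and the baseline table are hypothetical, and it assumes change records carry a `ModifiedProperties` list with `Name`, `OldValue` and `NewValue`; records without one are reported as `NoDetail`.

```powershell
# Constructed sample AuditData records (not real tenant output). On a live tenant
# they would come from the unified audit log, for example:
#   Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
#     -Operations SharingPolicyChanged -ResultSize 1000 |
#     Select-Object -ExpandProperty AuditData
$sampleAuditData = @(
    '{"CreationTime":"2017-10-05T09:14:02","Operation":"SharingPolicyChanged","UserId":"admin@contoso.example","ModifiedProperties":[{"Name":"ShareWithGuests","OldValue":"False","NewValue":"True"}]}',
    '{"CreationTime":"2017-10-05T09:20:41","Operation":"PageViewed","UserId":"admin@contoso.example"}'
)

# Hypothetical approved baseline: setting name -> approved value.
$baseline = @{ ShareWithGuests = 'False' }

function Get-ConfigDrift {
    param(
        [Parameter(Mandatory)][string[]]$AuditData,
        [Parameter(Mandatory)][hashtable]$Baseline
    )
    foreach ($json in $AuditData) {
        $rec = $json | ConvertFrom-Json
        # A record without ModifiedProperties has no before/after values; emit a
        # placeholder row so the gap is visible instead of silently dropped.
        $mp = $rec.PSObject.Properties['ModifiedProperties']
        if ($mp -and $mp.Value) {
            $props = $mp.Value
        } else {
            $props = [pscustomobject]@{ Name = $null; OldValue = $null; NewValue = $null }
        }
        foreach ($p in $props) {
            if (-not $p.Name) { $status = 'NoDetail' }
            elseif (-not $Baseline.ContainsKey($p.Name)) { $status = 'NotInBaseline' }
            elseif ($Baseline[$p.Name] -eq $p.NewValue) { $status = 'MatchesBaseline' }
            else { $status = 'Drift' }
            [pscustomobject]@{
                When = $rec.CreationTime; Who = $rec.UserId; Operation = $rec.Operation
                Setting = $p.Name; OldValue = $p.OldValue; NewValue = $p.NewValue
                Status = $status
            }
        }
    }
}

Get-ConfigDrift -AuditData $sampleAuditData -Baseline $baseline | Format-Table -AutoSize
```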
- Deleted, Sep 23, 2016
Hi Juan,
Thanks for the response. I need the direction for same.
- Sep 23, 2016
Could you please elaborate more on what exactly you need so we can help you?