cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Office 365 Auditing

Nino Renzi
Copper Contributor

‎Aug 14 2017 11:38 AM

‎Aug 14 2017 11:38 AM

Office 365 Auditing

How on Earth does failed login attempt auditing for Office 365 not come standard.  If i would have known that this was not included in the E1 I would have never purchased it.  Like Microsoft always likes to do, suck them in and then suck them dry.  A critical component to any online presents is finding out if you are being attacked, the only way to know is if you can audit those failed login attempts to see if somone is trying to guess your account and password.  Critical YES.  Oh wait it is possible but only if you have the premium feature.  Does anyone else not think that this could be a critical issue in having an online presents, or should have been told about this ahead of time.  Sorry for my rant but little frustrated now to have to feed the pig again. 

Labels:
4,424 Views
1 Like
4 Replies
Reply
4 Replies
Cian Allner

‎Aug 14 2017 12:37 PM

‎Aug 14 2017 12:37 PM

Re: Office 365 Auditing

Putting the vitriol aside, I do kind of agree that limiting the 'Signs-in activities' report for example to only customers with the Azure AD Premium license seems like a contradiction.  It's something I brought up in this thread, kind of - Office 365 Fragmentation? What you do get for free are the following reports, which is still pretty good, while the more extensive reporting requires the better licencing - Azure Active Directory reporting:

 

  • Users flagged for risk - From the users flagged for risk security report, you get an overview of user accounts that might have been compromised.
  • Risky sign-ins - With the risky sign-in security report, you get an indicator for sign-in attempts that might have been performed by someone who is not the legitimate owner of a user account.

From what I can gather the free reporting has got worse with the move to the new portal with for example the Sign-ins after multiple failures report set to be retired.

1 Like
Reply
Nino Renzi

‎Aug 14 2017 02:34 PM

‎Aug 14 2017 02:34 PM

Re: Office 365 Auditing

I just think its funny that they know this is a critical component and that they would put it into a premium feature sounds a little petty to me and is just another way to get more money from people when they have limited resources. I would have upgrade my on-prem solution instead and I would feel a lot more comfortable knowing that I can audit these failed logon attempts and that my users are safe. I guess they took a play out of the telecoms page and nickel and dime people to death.
0 Likes
Reply
Cian Allner

‎Aug 15 2017 03:00 AM - edited ‎Aug 15 2017 03:07 AM

‎Aug 15 2017 03:00 AM - edited ‎Aug 15 2017 03:07 AM

Re: Office 365 Auditing

I can understand where you are coming from, it would be nice if more security reports came as standard, for exactly the reasons you have pointed out.  Saying that make sure you sign up for the free Azure AD reports I mentioned, which is something - Reports in the Office 365 Security & Compliance Center.

0 Likes
Reply
Tony Redmond

‎Aug 15 2017 04:15 AM

‎Aug 15 2017 04:15 AM

Re: Office 365 Auditing

Office 365 is a commercial service so it's not really surprising that Microsoft has several levels of service that you need to pay for. It's the same in the on-premises world. For instance, Exchange 2016 comes in a standard and an enterprise edition. If you are happy with five mailbox databases, you can pay less and go with the standard edition. If you need to run more, you need to pay more and run the enterprise edition. In other words, you decide what functionality you need and then you know what you have to pay for.

 

Coming back to Office 365 auditing, the events for failed logins are captured by Azure AD and could be processed for inclusion in the audit data mart. However, that is not the case and I think that someone decided that the more appropriate place for this kind of activity to be monitored is the Azure AD portal. In some ways, it makes sense because the Azure AD portal is where security comes together for Azure applications. I can see a good case to be argued for failed login events to show up in the Office 365 audit log too (especially as successful logins are often captured by apps like Teams). If you want to make a case for this to happen, why not create an request in User Voice? You'll probably get a better response there than you will from sounding off here.

1 Like
Reply