Do EOP actions create entries in the Office 365 audit log?

Calum Steen
Occasional Contributor

We feed the Office 365 audit log into IBM QRadar for additional analysis, together with logs from firewalls, domain controllers etc.


If EOP puts an email into user quarantine or removes a email due to malware, does this event get written into the Office 365 audit log?

2 Replies

No. The audit log includes data from the Exchange admin audit log and mailbox level auditing, none of these include EOP events or mail flow in general. It's documented here: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-c...


If you want to include such events, look into the mail flow data you can obtain via Get-Message trace or the good old reporting web service.

Related Conversations
Office Deployment: Pin to START Menu
Brian LeFlem in Microsoft Intune on
1 Replies
I can't open a Macro enable excel and word file
Roxanne26 in Office 365 on
2 Replies
Content and files in office.com not loading
Nomnomburger25 in Discussions on
3 Replies
Access Takes a Trip: News From Around the Globe
Ebo_Quansah in Access on
0 Replies