SOLVED

Office365 audit log for saved attachments

%3CLINGO-SUB%20id%3D%22lingo-sub-1140044%22%20slang%3D%22en-US%22%3EOffice365%20audit%20log%20for%20saved%20attachments%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1140044%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20part%20of%20our%20DLP%20environment%2C%20I%20am%20looking%20to%20see%20find%20when%20anyone%20saved%20an%20attachment%20in%20Outlook%20within%20Office365.%26nbsp%3B%20We%20are%20only%20interested%20in%20saving%20of%20attachments%20via%20OWA%20or%20on%20a%20registered%20mobile%20device.%26nbsp%3B%20The%20current%20DLP%20rules%20only%20monitor%20emails%20generated%2C%20but%20I%20was%20hoping%20to%20include%20the%20latter%20scenario.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20Office365%20can%20be%20accessed%20inhouse%2C%20via%20OWA%2C%20or%20a%20mobile%20client%2C%20we%20are%20looking%20for%20ways%20to%20monitor%20the%20saving%20of%20attachments%20to%20non-company%20owned%20devices.%26nbsp%3B%20Staff%20working%20from%20home%2C%20that%20connect%20to%20Office365%20via%20OWA%20from%20their%20personal%20device%2C%20can%20save%20confidential%20data%20that%20was%20sent%20to%20their%20company%20email%20address.%26nbsp%3B%20This%20then%20becomes%20a%20data%20loss%20scenario.%26nbsp%3B%20I%20do%20not%20see%20this%20as%20an%20available%20condition%20to%20monitor%20in%20the%20DLP%20rules.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20have%20any%20suggestions%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethank%20you%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1140044%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1140107%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20audit%20log%20for%20saved%20attachments%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1140107%22%20slang%3D%22en-US%22%3E%3CP%3EThat's%20not%20audited%20in%20any%20way%2C%20however%20we%20do%20have%20controls%20to%20block%20downloads%20from%20OWA.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1140188%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20audit%20log%20for%20saved%20attachments%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1140188%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20I%20didn't%20think%20so%2C%20just%20hoping.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

As part of our DLP environment, I am looking to see find when anyone saved an attachment in Outlook within Office365.  We are only interested in saving of attachments via OWA or on a registered mobile device.  The current DLP rules only monitor emails generated, but I was hoping to include the latter scenario. 

 

Since Office365 can be accessed inhouse, via OWA, or a mobile client, we are looking for ways to monitor the saving of attachments to non-company owned devices.  Staff working from home, that connect to Office365 via OWA from their personal device, can save confidential data that was sent to their company email address.  This then becomes a data loss scenario.  I do not see this as an available condition to monitor in the DLP rules.

 

Anyone have any suggestions?

 

thank you 

2 Replies
Highlighted
Best Response confirmed by MichaelMahan (New Contributor)
Solution

That's not audited in any way, however we do have controls to block downloads from OWA.

Highlighted

Thanks, I didn't think so, just hoping.

 

@Vasil Michev