cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Logs in Sentinel show all Operation logs for external users only

mmikac
Copper Contributor

‎Jun 07 2023 02:48 AM

‎Jun 07 2023 02:48 AM

Logs in Sentinel show all Operation logs for external users only

Greetings all

Sentinel in Azure shows all Operation logs only for External users but not for Internal ones.

Is it because of policies or what could be the reason?

 

For example, it shows when a message is sent in Teams from an external user but not from internal.

Labels:
425 Views
0 Likes
2 Replies
Reply
2 Replies
Clive_Watson

‎Jun 07 2023 03:27 AM

‎Jun 07 2023 03:27 AM

Re: Logs in Sentinel show all Operation logs for external users only

Is this the OfficeActivity table?

If I run this example (add you email to line 3), I see both users from other companies

OfficeActivity
| where RecordType =~'MicrosoftTeams'
| where UserId !endswith "yourDomain.com"

What have you tried so far?
1 Like
Reply
mmikac

‎Jun 07 2023 04:32 AM

‎Jun 07 2023 04:32 AM

Re: Logs in Sentinel show all Operation logs for external users only

@Clive_Watson 

 

When I run your query it still shows only external users for Message Sent.

This is OfficeActivity table.

When I try to get all office activity that's on our tenant, Messagesent it's not visible, but when I do the same for external it is visible.

 

 

 

0 Likes
Reply