SOLVED

Monitoring Office 365 Administrators

%3CLINGO-SUB%20id%3D%22lingo-sub-360052%22%20slang%3D%22en-US%22%3EMonitoring%20Office%20365%20Administrators%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360052%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20best%20way%20to%20monitor%20our%20office%20365%20administrators%20user%3F%20I%20am%20not%20familiar%20with%20office365%20too%20much%20but%20I%20would%20like%20to%20find%20a%20list%20of%20actions%20associated%20with%20an%20administrator.%26nbsp%3B%20How%20could%20I%20do%20that%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-360052%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360068%22%20slang%3D%22en-US%22%3ERe%3A%20Monitoring%20Office%20365%20Administrators%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360068%22%20slang%3D%22en-US%22%3EOf%20course%20the%20global%20admin%20and%3CBR%20%2F%3EFrom%20the%20link%20I%20provided%3A%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20have%20to%20be%20assigned%20the%20View-Only%20Audit%20Logs%20or%20Audit%20Logs%20role%20in%20Exchange%20Online%20to%20search%20the%20Office%20365%20audit%20log.%20By%20default%2C%20these%20roles%20are%20assigned%20to%20the%20Compliance%20Management%20and%20Organization%20Management%20role%20groups%20on%20the%20Permissions%20page%20in%20the%20Exchange%20admin%20center.%3CBR%20%2F%3E%3CBR%20%2F%3EMore%20info%20in%20the%20link!%3CBR%20%2F%3E%3CBR%20%2F%3EAdam%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360067%22%20slang%3D%22en-US%22%3ERe%3A%20Monitoring%20Office%20365%20Administrators%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360067%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20might%20also%20want%20to%20check%20out%20the%20Office%20365%20Auditing%20Report%20Tool%2C%20which%20has%20many%20reports%20built-in%20that%20could%20be%20used%20to%20check%20on%20admin%20level%20activities.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2Foffice%2FOffice-365-Auditing-Tool-01747cd4%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EOffice%20365%20Auditing%20Report%20Tool%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360065%22%20slang%3D%22en-US%22%3ERe%3A%20Monitoring%20Office%20365%20Administrators%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360065%22%20slang%3D%22en-US%22%3EThank%20you!!%20What%20role%20would%20a%20user%20need%20to%20be%20to%20perform%20the%20audit%20log%20search%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360060%22%20slang%3D%22en-US%22%3ERe%3A%20Monitoring%20Office%20365%20Administrators%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360060%22%20slang%3D%22en-US%22%3EYou%20can%20use%20the%20audit%20log%20in%20the%20security%20and%20compliance%20center%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fsearch-the-audit-log-in-security-and-compliance%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fsearch-the-audit-log-in-security-and-compliance%3C%2FA%3E%3C%2FLINGO-BODY%3E
New Contributor

What is the best way to monitor our office 365 administrators user? I am not familiar with office365 too much but I would like to find a list of actions associated with an administrator.  How could I do that? 

4 Replies
Thank you!! What role would a user need to be to perform the audit log search?

You might also want to check out the Office 365 Auditing Report Tool, which has many reports built-in that could be used to check on admin level activities.

Office 365 Auditing Report Tool

Best Response confirmed by Wolverine (New Contributor)
Solution
Of course the global admin and
From the link I provided:

You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the Office 365 audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center.

More info in the link!

Adam