Sep 13 2019 01:28 AM
Office 365 tenant administrators often make extensive use of PowerShell. It’s a great tool to get work done across all the Office 365 workloads. However, hackers like PowerShell too, and it could be used to attack your tenant. If that happens, having PowerShell logs will allow you to find out exactly what the attacker did and where. With this in mind, shouldn’t you enable PowerShell logging?
https://office365itpros.com/2019/09/13/enable-powershell-logging/
Feb 07 2020 07:04 AM
Hello , did you find a way to collect those events ( powershell activities on Office 365 ) @Tony Redmond ? i am currently looking for a way to track them .
Cordialement .
Feb 07 2020 07:18 AM
@Jean_Apala243 Do you mean the PowerShell logs?
Feb 19 2020 02:46 AM
Yes i mean powershell logs , basically i want to detect a user who used powershell to connect to O365 tenant @Tony Redmond
Feb 19 2020 04:51 AM
@Jean_Apala243 PowerShell doesn't capture events in the Office 365 audit log. All you could do is look for what people did in Office 365 workloads after they connected.
Feb 21 2020 03:10 AM