A data breach can be one of the most challenging experiences for a company, especially for a security or IT team responsible for addressing the incident and leading the IT recovery. After a breach or a cyber-attack, understanding the full scope of what information was accessed and shared can be difficult, but it is crucial to an investigation. Knowing which emails or Microsoft Teams chats were accessed by a compromised user account can provide valuable information in a forensics investigation and can help in meeting regulatory or compliance requirements.
Advanced Audit in Microsoft 365 helps organizations to meet these regulatory, legal, and internal obligations by providing additional audit log events used in these investigations.
Historically, forensic investigations have centered around Exchange email and SharePoint content that might be accessed by an attacker, as well as what sensitive information might potentially be exposed. These email and SharePoint file and folder investigation events are supported by capabilities available in Advanced Audit.
Increasingly, an organization’s data is also stored in other Microsoft 365 services, including the communications and collaboration tools Microsoft Teams and Yammer, the survey tool Microsoft Forms, and the video platform Microsoft Stream. In case of a breach, organizations should be able to understand what actions an attacker took in these Microsoft 365 services, and use tools that provide a detailed audit trail. Advanced Audit helps organizations meet these needs and helps customers meet regulatory requirements.
Microsoft is excited to announce additional events for Advanced Audit from Microsoft 365 services. These additions include:
In Microsoft Teams
In Microsoft Forms
In Microsoft Stream
With these new events, Advanced Audit users gain better visibility into the activities taking place in their Microsoft 365 environment. Security or forensics teams gain more insight and can better understand the sequence of user events in Microsoft Teams, Yammer, Forms or Stream. This additional insight helps not just in recreating a timeline of events, but also in responding to regulatory requirements for data compromise.
Review the full list of Microsoft 365 services that have audit events to support your forensic investigations here.
We are committed to helping organizations with their forensic investigation needs by delivering capabilities within Advanced Audit that seamlessly integrate with their workflow and provide the insight into user activities that they need.
We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Compliance Admin Center. By enabling the trial in the Compliance center, you can quickly start using all capabilities of Microsoft Compliance, including Insider Risk Management, Records Management, Advanced Audit, Advanced eDiscovery, Communications Compliance, Microsoft Information Protection, Data Loss Prevention, and Compliance Manager.
This trial is currently rolling out to tenants worldwide and you can learn more about it here.