Office 365 Security and Audit

Office 365 Security Reports

Many companies have security products deployed that help them defend against potential attacks and forensically identify the source and type of attacks—but these solutions focus on the network and endpoints.

Knowing that a particular account or machine was compromised, what IP address the compromise came from and so on is necessary for security teams to respond… but it’s not enough on its own.

Users who have legitimate access to Microsoft 365 represent a unique attack surface because -wherever an attacker gains entry – their account can be used to access any resource the user has access to. Most conventional Office 365 security tools aren’t paying attention to what happens in that domain.  

Office 365 Security Tool

Given the high volume of user activity in every Microsoft Office 365 tenant, when an incident occurs, and you’re tasked with finding out what happened, it can feel like looking for the proverbial needle in a haystack as there is no single consistent picture of user activity.

This leaves you to sift through silos of data on configuration, security, and user activity – and Microsoft only gives you a view from the last 90 days.

Determining who was responsible, what data was accessed, when and where, and what remedial actions need to be taken all require you to have quick, complete access to the right data. You also need to share this data with your security team, your compliance or legal teams, and other stakeholders, but it may be difficult to grant them access.  

Nova helps solve these challenges with a practical set of tools to help you protect against, identify, and respond to security threats that affect your tenants and users: 

  • Collect and retain data from the Microsoft 365 Unified Audit Log (including Exchange Online, Teams, SharePoint, and OneDrive access and change records), the Azure security graph, and other sources into a single repository 
  • Search, filter, sort, and collate audit, activity, and user data to identify trends, patterns, and access 
  • Quickly find the data you’re looking for with powerful and approachable customized reporting tools 
  • Share your findings using scheduled or downloaded reports 

Advanced Office 365 Security Audit

Unlike the native Office 365 Audit Log – which provides access in one, large, unwieldy view, Nova enables you to segment and visualize activity so that you can isolate events or threats quickly.

This includes the ability to combine Security and Audit data with static data such as current permissions, current access levels, Teams membership, user licenses, and group memberships. For those organizations with multiple tenants, Nova provides a view of user activity across all tenants.

Nova provides a rich and customizable environment to support an investigation. Rather than trawling through many reports, each showing part of the story, related, multiple reports are combined into one rich report with various sections.

The condensed reports provide an exceptional level of detail, giving you a complete picture of exactly what happened.

Nova allows you to:

  • Identify each system change an Administrator has made and when. 
  • Audit Administrator access to ensure there are no inactive or unnecessary Admins in your environment. 
  • Track Administrators to ensure they are not using their permissions to access restricted data. 
  • Keep track of actions on VIP or sensitive mailboxes 
  • Audit third-party mailbox access: 
  • Administrators accessing user mailboxes 
  • Delegates accessing other mailboxes 
  • Users performing actions on their own mailboxes 
  • See a comprehensive time-based view of changes made by a target account or modifications made to that account 
  • Know what files, mailboxes, and other resources an account has accessed or shared and when and where they did it  
  • Quickly spot unusual activity such as mailbox forwarding changes or permission grants. 
  • Analyze the scope of a potential breach to guide your response efforts 
  • Delegate the ability to lock, block, or restrict accounts and devices to enable faster response 
  • Provide the right information quickly to your security or network operations team, legal or compliance officers, or data protection authorities  

If you’d like to learn more about Nova’s Office 365 security audit capabilities and to see a demo of our Office 365 management software, please contact our expert team.