Skip to main content

Office 365 and Azure (Audit Log)

Download With Dependencies

Search the unified audit log to view user and administrator activity in your organization.

Need to find if a user viewed a specific document or purged an item from their mailbox? If so, use the Microsoft Policy And Compliance (Audit Log) integration to search the unified audit log to view user and administrator activity in your organization.

The unified audit log contains events from

  • Exchange Online
  • SharePoint Online
  • OneDrive for Business
  • Azure Active Directory
  • Microsoft Teams
  • Power BI
  • and other Microsoft 365 services

You can search for all events in a specified date range, or you can filter the results based on specific criteria, such as the action, the user who performed the action, or the target object.

What does this pack do?

You can search for the following types of user and admin activity in Microsoft 365:

  • User activity in SharePoint Online and OneDrive for Business
  • User activity in Exchange Online (Exchange mailbox audit logging)
  • Admin activity in SharePoint Online
  • Admin activity in Azure Active Directory (the directory service for Microsoft 365)
  • Admin activity in Exchange Online (Exchange admin audit logging)
  • eDiscovery activities in the security and compliance center
  • User and admin activity in Power BI
  • User and admin activity in Microsoft Teams
  • User and admin activity in Dynamics 365
  • User and admin activity in Yammer
  • User and admin activity in Microsoft Power Automate
  • User and admin activity in Microsoft Stream
  • Analyst and admin activity in Microsoft Workplace Analytics
  • User and admin activity in Microsoft Power Apps
  • User and admin activity in Microsoft Forms
  • User and admin activity for sensitivity labels for sites that use SharePoint Online or Microsoft Teams

This pack includes the Microsoft Policy And Compliance (Audit Log) integration.

Need to find if a user viewed a specific document or purged an item from their mailbox? If so, use the Microsoft Policy And Compliance (Audit Log) integration to search the unified audit log to view user and administrator activity in your organization.

The unified audit log contains events from

  • Exchange Online
  • SharePoint Online
  • OneDrive for Business
  • Azure Active Directory
  • Microsoft Teams
  • Power BI
  • and other Microsoft 365 services

You can search for all events in a specified date range, or you can filter the results based on specific criteria, such as the action, the user who performed the action, or the target object.

What does this pack do?

You can search for the following types of user and admin activity in Microsoft 365:

  • User activity in SharePoint Online and OneDrive for Business
  • User activity in Exchange Online (Exchange mailbox audit logging)
  • Admin activity in SharePoint Online
  • Admin activity in Azure Active Directory (the directory service for Microsoft 365)
  • Admin activity in Exchange Online (Exchange admin audit logging)
  • eDiscovery activities in the security and compliance center
  • User and admin activity in Power BI
  • User and admin activity in Microsoft Teams
  • User and admin activity in Dynamics 365
  • User and admin activity in Yammer
  • User and admin activity in Microsoft Power Automate
  • User and admin activity in Microsoft Stream
  • Analyst and admin activity in Microsoft Workplace Analytics
  • User and admin activity in Microsoft Power Apps
  • User and admin activity in Microsoft Forms
  • User and admin activity for sensitivity labels for sites that use SharePoint Online or Microsoft Teams

This pack includes the Microsoft Policy And Compliance (Audit Log) integration.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedFebruary 11, 2021
Last ReleaseDecember 3, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.