Over the last two decades, the M365 service capabilities have developed rapidly and have evolved into a more complex version. In addition, the Security & Compliance Centre has rapidly expanded in response to the rising sophisticated attacks.
Office 365 user numbers have reached approximately a whopping 345 million," broadly aligning with the 17% y-o-y increase in commercial revenue. However, the larger question remains why organisations' office 365 audit capabilities still need to mature despite the evident implications.
After interacting with hundreds of MSPs on a daily basis, Octiga has identified three main reasons for this state of affairs:
- Overwhelming implementation
- Limited expert staffing
- Tight budgets and time
Through this piece, we will allude to the M365 auditing challenges for MSPs and articulate the super cost-effective, ridiculously easy-to-implement AND maintain auditing solution.
Office 365 Auditing- The Challenges with Native Tools
Microsoft cloud environment shares valuable auditing tools. The Microsoft 365 Admin Center and the Office 365 Security and Compliance centre make decent office 365 auditing tools. They provide insight into users, permissions and activity. However, they have some unavoidable drawbacks. Let us see what they are-
Office 365 Audit Configuration Complexity
M365 audit logs combine most properties into a single JSON. You can follow a 10-step approach to configure and split each property into its column and filter columns to view records based on the values of the specific properties. If this still sounds doable, imagine doing this for hundreds or thousands of users! In short, for MSPs, it is a living nightmare.
Consolidating and Contextualising Huge Data Set
While the audit log search tool helps find specific actions, using Office 365 audit logs to search for suspicious activity is no piece of the cake. You'd need an expert security analyst to decrypt the information format and turn it into digestible piece-meals. Only then will you be able to spot threats and take action.
Additionally, dealing with false positive alerts will further complicate the process.
Limited and Complicated Office 365 Audit Reports
Due to the scarce availability of predefined log reports, your IT team may need to create reports manually.
This was still doable had there been a native feature to save customised searches. Unfortunately, this process will also have to repeat often.
Limited Retention Period
Another issue is with Microsoft's retention period for audit logs. Office 365 audit logs older than 90 days can't be retained for standard subscriptions.
However, for one-year, advanced Audit in Microsoft 365 retains any audit record containing the value of Exchange, SharePoint, or Azure Active Directory for the Workload property. Again, this is limited to licensed users only. Those without a premium license must download and save audit logs regularly and merge them for a comprehensive list of activities.
What MSPs Need for an Effective Office 365 Auditing
So now, having a clear picture of logging and monitoring activity through Office 365, you may have realised that utilising this data isn't very practical for an average IT professional with tons of tasks to attend to daily.
It is not efficient for the business. Using Office 365 best practices with SIEM can offer the necessary visibility and security within time and budget limits. Let's further dig into what can increase the efficacy of your security teams without breaking a sweat!
Let us drill down into some aspects of what makes a good audit and what are the implementation obstacles with auditing Office 365 for an average security professional.
Characteristics of a Good Office 365 Security Audit
Assessing the challenges associated with native Office 365 auditing, we ponder over our next question, which is, 'What can we do about it?'
Octiga Office 365 Security Auditing: A short Demonstration
Through the Octiga application, we can create a set baseline that can create a set of standards that you agree with and have the power to over-write these standards based on the changing client expectations. Here is how it is done rapidly on our multi-tenant dashboard
Native auditing tools often lack the ability to customise security according to each organisation's individual needs. It also lacks automation and easy-to-follow remediation. To get all these features on a single multi-tenant dashboard, we have built our game-changing solution that covers all the abovementioned gaps. It gives MSPs the confidence to achieve complete office 365 security in clicks, not weeks. If you wish to learn more about how we can help you with continuous audit and gap analysis or anything related to M365 security, book a quick chat here: https://www.octiga.io/book-a-demo