
Office365 Security Audit: Automate, Remediate, Repeat

Over the last two decades, M365 service capabilities have developed rapidly and grown more complex. In addition, the Security & Compliance Centre has expanded rapidly in response to increasingly sophisticated attacks.

Office 365 user numbers have reached approximately a whopping 345 million, broadly aligning with the 17% y-o-y increase in commercial revenue. However, the larger question remains: why do organisations' Office 365 audit capabilities still need to mature despite the evident implications?

After interacting with hundreds of MSPs on a daily basis, Octiga has identified three main reasons for this state of affairs:  

  1. Overwhelming implementation
  2. Limited expert staffing
  3. Tight budgets and time

In this piece, we will outline the M365 auditing challenges for MSPs and describe a super cost-effective auditing solution that is ridiculously easy to implement AND maintain.

Office 365 Auditing: The Challenges with Native Tools

The Microsoft cloud environment includes valuable auditing tools. The Microsoft 365 Admin Center and the Office 365 Security and Compliance Centre make decent Office 365 auditing tools. They provide insight into users, permissions and activity. However, they have some unavoidable drawbacks. Let us see what they are.

Office 365 Audit Configuration Complexity

M365 audit logs combine most properties into a single JSON object. You can follow a 10-step approach to split each property into its own column and then filter those columns to view records based on the values of specific properties. If this still sounds doable, imagine doing this for hundreds or thousands of users! In short, for MSPs, it is a living nightmare.

Consolidating and Contextualising Huge Data Set

While the audit log search tool helps find specific actions, using Office 365 audit logs to search for suspicious activity is no piece of cake. You'd need an expert security analyst to interpret the information format and turn it into digestible pieces. Only then will you be able to spot threats and take action.

Additionally, dealing with false positive alerts will further complicate the process.  

Limited and Complicated Office 365 Audit Reports  

Due to the scarce availability of predefined log reports, your IT team may need to create reports manually.  

This would still be doable had there been a native feature to save customised searches. Unfortunately, the process also has to be repeated often.

Limited Retention Period

Another issue is with Microsoft's retention period for audit logs. Office 365 audit logs older than 90 days can't be retained for standard subscriptions.  

However, Advanced Audit in Microsoft 365 retains for one year any audit record whose Workload property has the value Exchange, SharePoint, or Azure Active Directory. Again, this is limited to licensed users only. Those without a premium license must download and save audit logs regularly and merge them for a comprehensive list of activities.
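The column splitting described under "Office 365 Audit Configuration Complexity" and the regular download-and-merge routine described above can be scripted. The following is an added example, not Octiga's or Microsoft's code. It assumes a CSV export with CreationDate, UserIds, Operations and AuditData columns and an Id property inside AuditData; the sample rows are constructed.

```python
import csv, io, json

# Constructed sample exports, not real tenant data. Assumed layout: a CSV
# with CreationDate, UserIds, Operations and a JSON AuditData column.
HEADER = "CreationDate,UserIds,Operations,AuditData\n"
ROW_A = '2024-01-02T09:15:00Z,alice@example.com,UserLoggedIn,"{""Id"":""a1"",""Workload"":""AzureActiveDirectory"",""ClientIP"":""203.0.113.7""}"\n'
ROW_B = '2024-01-03T11:00:00Z,bob@example.com,FileDownloaded,"{""Id"":""b2"",""Workload"":""SharePoint"",""ClientIP"":""198.51.100.4""}"\n'
ROW_C = '2024-01-09T08:30:00Z,carol@example.com,Set-Mailbox,"{""Id"":""c3"",""Workload"":""Exchange"",""Parameters"":[{""Name"":""ForwardingSmtpAddress"",""Value"":""smtp:x@example.net""}]}"\n'
EXPORT_1 = HEADER + ROW_A + ROW_B
EXPORT_2 = HEADER + ROW_B + ROW_C   # overlaps EXPORT_1 on record b2

SCALARS = (str, int, float, bool, type(None))

def flatten_export(csv_text):
    """Yield one flat dict per record: CSV columns plus each AuditData property."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            audit = json.loads(row.pop("AuditData", "") or "{}")
        except json.JSONDecodeError:
            audit = None
        if not isinstance(audit, dict):
            audit = {"ParseError": True}   # keep the row, flag it for review
        flat = dict(row)
        for key, value in audit.items():
            # Nested lists/objects stay as JSON text so each fits one cell.
            flat[key] = value if isinstance(value, SCALARS) else json.dumps(value)
        yield flat

def merge_exports(*csv_texts):
    """Merge overlapping periodic exports, de-duplicating on the record Id."""
    merged = {}
    for text in csv_texts:
        for rec in flatten_export(text):
            fallback = (rec["CreationDate"], rec["UserIds"], rec["Operations"])
            merged.setdefault(rec.get("Id") or fallback, rec)
    return sorted(merged.values(), key=lambda r: r["CreationDate"])

def filter_records(records, **criteria):
    """Return records whose flattened columns equal every given value."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]

if __name__ == "__main__":
    for rec in merge_exports(EXPORT_1, EXPORT_2):
        print(rec["CreationDate"], rec["UserIds"], rec["Operations"], rec.get("Workload"))
```

Saving the merged result on every run gives tenants without a premium license a single, de-duplicated history that outlives the 90-day window.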

What MSPs Need for Effective Office 365 Auditing

So now, having a clear picture of logging and monitoring activity through Office 365, you may have realised that utilising this data isn't very practical for an average IT professional with tons of tasks to attend to daily.  

It is not efficient for the business. Using Office 365 best practices with SIEM can offer the necessary visibility and security within time and budget limits. Let's further dig into what can increase the efficacy of your security teams without breaking a sweat!  

Let us drill down into what makes a good audit and which implementation obstacles an average security professional faces when auditing Office 365.

Characteristics of a Good Office 365 Security Audit

Assessing the challenges associated with native Office 365 auditing, we ponder over our next question, which is, 'What can we do about it?'  

Octiga Office 365 Security Auditing: A Short Demonstration

Through the Octiga application, you can create a baseline: a set of standards that you agree with, which you have the power to overwrite as client expectations change. Here is how it is done rapidly on our multi-tenant dashboard:


Native auditing tools often lack the ability to customise security according to each organisation's individual needs. They also lack automation and easy-to-follow remediation. To get all these features on a single multi-tenant dashboard, we have built our game-changing solution that covers all the abovementioned gaps. It gives MSPs the confidence to achieve complete Office 365 security in clicks, not weeks. If you wish to learn more about how we can help you with continuous audit and gap analysis or anything related to M365 security, book a quick chat here: https://www.octiga.io/book-a-demo
