Skip to content

What Is Office 365 Security Log Monitoring?

What Is Office 365 Security Log Monitoring?

When watching science-fiction movies, you may have heard people talk about checking computer logs for important information. This often serves as a convenient plot device, but it is based on the way that computers work in reality. All significant events are logged into various files on your computer without your knowledge and can be checked at your leisure. Naturally, security events are the most important of these, so you want to make sure those settings are correct. Thus, it shouldn’t surprise anyone to see that Office 365 has a built-in security log monitoring setup.

What Is Office 365 Security Log Monitoring?

This is a feature that can be enabled in all versions of Office 365. Once it has been enabled, all relevant security information will be displayed and analyzed. That second part is the important part, as it aids your detection capabilities by quite a bit. Not only does it log all significant events for Office 365 itself, but also for any programs that might be connected. Thus, anything that touches Office 365 on the “connection tree” will be covered. This includes:

  • Azure
  • Exchange
  • Sharepoint
  • Power lBl
  • Yammer
  • Sway

Perhaps the best thing about this feature is the way that it can be customized. Like a machine-learning-based antivirus program, it can be “trained” to look for certain patterns and to alert you when those suspicious patterns appear. For instance, you definitely want to be notified of excessive failed login attempts. Such a thing can be a big red flag for a brute force attack. By tweaking those settings, you can ensure that only abnormal behavior is logged.

How Is This Helpful?

Log information is helpful in many ways, depending on the source. Unfortunately, many people do not even consult those logs until something goes wrong. Ideally, you should check those logs anytime an alert is given. Either way, there is no doubt that response time is critical when a cybersecurity incident occurs. Not only do you need to get your systems running again, but you also need to document all the evidence that can be found for later prosecution.

Log information is also very helpful for companies that deal with a lot of government regulations. Some companies are under a lot of pressure to deal with many regulations, and they will occasionally need proof of their efforts. When that is the case, log files represent one of the most trusted methods. Although it is possible to forge the log files, anyone with access to the data could easily prove such a forgery.

This kind of technology is extremely necessary because Office 365 uses the cloud for quite a few of its essential functions. As everyone knows, the security of the cloud can be dubious at times. It can be more secure than standard connections, but only if used and configured properly. Good feedback from the program can help you to figure out those configuration options and get them dialed-in perfectly.

How To Enable Security Log Monitoring In Office 365

You will need administrator privileges to do this, of course. First, open up your search bar and find the “Office 365 Security and Compliance Center.” Once you have found that, you should see an option to enable audit logs. Click that if the box is not checked. Next, look for “Audit Log Search” and click there. Look for another option that says “Start recording user and admin activity” and click that as well. If you want to set up an email box, you will need to follow the instructions found here.

To customize your alerts, you need to head back to the security and compliance center. Once there, click “Audit Log Search” again, and then click “+Create An Alert.” This will allow you to create a specific alert parameter with specific criteria.

Limitations of Office 365 Security Log Monitoring

Office 365 includes a native viewer for log files, but this is where all of the downsides can be seen. This viewer is very limited, and that can be frustrating. Its ability to search the logs leaves much to be desired, which is a serious problem. Exporting is slow and clunky, and the free version will limit you to a total of 10,000 logs. Worst of all, archiving of logs can only be done for 90 days. Thus, you could easily lose a crucial log file forever with no way of recovery. Thankfully, there are third-party apps that can remove these restrictions.

About SIEM

This matter falls under the heading of SIEM (Security Information Event Management). This term was first coined in 2005 (by Mark Nicolett and Amrit Williams), but the concept is far older. As the acronym implies, this technology represents the combination of log recording, information management, and detailed analysis in a single package. SIEM is an idea that can be deployed across many devices and platforms, as it is really just the act of staying vigilant. It can be applied to software, hardware, online platforms, and managed IT services plans.


As you can see, our subject today is a pretty simple one. Office 365 has a very efficient data logging system that prioritizes security alerts over all others. The customizable nature of these alerts has generally been found to reduce false alarms and malware infections at the same time. If you need some managed IT support services, feel free to call PCH Technologies at (856) 754-7500.