All good IT security practices start with a watchful eye on the directory. As more companies transition to the Microsoft cloud that means they need to maintain some tight governance over Azure AD. Using CoreView now enables the ability to monitor and audit the privileged actions performed in Azure AD to help organizations easily identify major changes such as: group policies, password policies, device configurations, apps, roles, company attributes, and more. The audit trail provides the details around the changes made, who made them, when they were performed, and what was affected by the change (target function).
New features in CoreView will also assist with other IT auditing functions. The following list represents some of the advanced compliance auditing categories that will enable administrators to easily research employee activities:
- Datacenter Operations
- DLP issues
- Security and Compliance Center
- Usage for PowerBI, Sway, and Yammer
CoreView is now able to track more than 500 activities on your Office 365 tenants!
An example of the new audit report is shown below. It provides the audit record for each event name, including the user who performed the action, the date and time (in UTC) when it was performed, the target resource affected by the change, as well as the user, target and role details. Moreover, by clicking ‘Columns’, you can add or remove information from the audit report. Additional columns provide information regarding Updated Properties and Correlation Id. The columns can also be filtered, and as with other reports in CoreView it is simple to export, save, print, or schedule this report to run on a regular basis.
Furthermore, using V-tenants, or admin groupings, allows for the segmentation of the information in these audit reports. If you assign a specific administrator to ONLY view a subset of users then that is the only group of user activities that will be shown in the audit activity reports. The report can be added to the ‘Favorite Report’ by clicking on the star icon close the report name so that you can quickly access it under the first ‘Analyze’ tab once you have logged into the portal.
The data view can be updated instantly by clicking the ‘Refresh Data’ button. The success message appears once the data is refreshed.
In the top right corner of the table you can also adjust the time interval by using the drop-down picklist: yesterday, 7, 14, 30, 60 or 90 days, or choose the custom range.
Curious to view this report now? If you are already a customer running CoreView you can discover this report under ‘Audit’ tab together with other Azure AD Reports. Otherwise, take advantage of our free 14-day trial to check out the most advanced Office 365 management suite on the market.
New articles about other Azure AD reports are coming soon. Stay tuned!