Microsoft Purview Audit (Premium) Log Activities via the O365 Management API
Auditing and reporting play important roles in the security and compliance strategy for many organizations. With the continued expansion of the technology landscape that has an ever-increasing number of systems, endpoints, operations, and regulations, it becomes even more important to have a comprehensive logging and reporting solution in place.
The following blog series deep dives into what audit logs are available and how to access them programmatically for use in reporting, alerting and other SIEM use cases.
Part 1⚓︎
In part 1, we discuss the importance of auditing and reporting for an organization's security and compliance posture. We also discuss Microsoft auditing solutions, auditing architecture (and its components), as well as Microsoft Information Protection audit log schema.
Part 2⚓︎
In part 2, we introduce a sample script that can be used to help understand how to programmatically connect and download audit events from the O365 management activity API. We then show how to integrate the DLP data into a sample PowerBI dashboard for reporting.
We're not done⚓︎
More parts to come soon!