Search and Investigation Part 2: Audit Log

00:00

Welcome back to the M s 3. 65 Security Administration course.

00:05

I'm pumped to be your instructor, Jim Deng's.

00:08

We're on module five in this 3 65 compliance.

00:12

Listen,

00:13

tress

00:14

searching investigation

00:16

part two on along

00:18

in this lesson,

00:20

we're going to go over.

00:21

Permission is required to search around the old

00:25

permission is required to start around the analog. How to configure audit policies.

00:31

This is a part of my childhood,

00:33

right and stepping.

00:34

Fact I recently day or looking at doing a reboot of ren and Stimpy

00:40

kind of cool.

00:41

So if you watch your Innocenti, you know the long song logs. Or better than that,

00:49

you can search for these types of activities within in this for 65 through logs,

00:56

user activity and SharePoint on one drop

00:58

activity in exchange

01:00

even have exchange mailbox audit, logging,

01:03

admin activity in SharePoint and then activity and azure A d

01:08

at me and activity in exchange online user and admin activity and sway. If you use white,

01:15

he's an M and a activity in power bi I

01:18

user admin activity and teams user and am in activity in yammer.

01:23

And Microsoft is continuously adding more to the Auto log search

01:29

configuring audit policies.

01:32

Microsoft 3 65 Auditing policies enable organizations to log events

01:38

such as viewing, editing and deleting content like email messages. Documents. Task list

01:44

is useless. Discussion groups calendars

01:49

So all of these events

01:52

can be long.

01:53

So if you have someone who wants to know who do leader one document,

01:57

take it out along.

02:00

You have a policy when you think they can get in the work on it.

02:04

If there's a certain document SharePoint on, they want to know whenever is added it.

02:07

They can go in and set their own or user based alarms based on the analog.

02:13

Pretty cool stuff.

02:15

Once out of the is turned on

02:17

an admin

02:19

war compliance officer in search for hundreds of individual types of events from industry 65.

02:28

Some of the reasons you may want to search or to discover user and administrative activities or even find you discovery related activities.

02:38

You can filter search results

02:39

when you run auto long search, and when the results are displayed, just click full to result results so you have pretty filter opposed filter

02:50

exporting search results.

02:52

The results of an audit long starts can be exported into a CSTV foul

02:57

that's see SV Foul can be searched, sortie, filtered and have other advanced data features. Apply to it within Excel

03:07

advanced on it.

03:09

High value events power quicker investigations

03:14

process inside show contacts and key patterns.

03:16

Longer term attention

03:19

to meet investigation and compliance requirements near real time access to data to enable fast access to audit events.

03:30

Quit

03:30

e discovery actions. Such just searches and exports

03:34

are searchable in the office. 3 65 Audit logs True

03:38

Well, folks,

03:43

The answer to that, of course, is true. Yeah,

03:49

I'm going to give you guys will be a time to read the parody comic

03:53

for Schoolhouse Rock.

04:02

To recap The short lesson in mystery 65. Auditing policies

04:06

enables organizations to log events such as viewing, editing and deleting content,

04:13

such as email messages, documents

04:15

with

04:16

library items, discussion groups, calendars.

04:20

Thank you for joining me on this lesson.