The Schwartz Report

Blog archive

A Look at Office 365 Native E-Mail Auditing Alternatives

It's no secret the biggest obstacle for some organizations to consider moving their e-mail from Exchange Server on premises to Microsoft's Office 365 is security and the ability for organizations to meet compliance requirements. Microsoft's answer is the auditing features that come with Office 365.

Among the auditing capabilities offered with Exchange Online are the abilities by administrators to enable logging for user mailboxes using remote PowerShell, view records from the Exchange admin audit log and from user mailbox audit logs. IT can also run admin role group audit reports to see which users where added or removed from role groups, according to a Microsoft TechNet post, along with searching the Office 365 Security and Compliance Center.

Many shops may require more than the auditing capabilities included in the Microsoft Office service. At least that's what several suppliers of Exchange auditing tools contend including Cogmotive, Knowledge Vault and Netwrix, among others. The latter supplier last week launched its new Netwrix Auditor for Office 365, which the company said protects Exchange Online from security threats by providing visibility into the entire e-mail environment.

The tool detects and reports changes made to Exchange objects, configurations and permissions including non-owner mailbox access, the company said. Netwrix CEO and Cofounder Michael Fimin said in an e-mailed response that Microsoft's native Office 365 auditing feature has limited capabilities.

"Native tools lack reporting capabilities, search and filtering options," Fimin said. "They also lack the ability to consolidate changes and non-owner access into a single view. Retrieving data using native Office 365 auditing requires tedious work."

Netwrix Auditor predefined audit reports and overview dashboards aggregate data from the entire Exchange Online organization and analyze what's happening in the hosted e-mail server. "The reports and dashboards have flexible filtering, sorting and exporting options, and can be scheduled via report subscription option." Microsoft's native tools don't provide options for archiving auditing data, he added.

For its part, Cogmotive said its Compliance & Audit tool collects data of all employees' Office 365 activities using the Office 365 Management Activity API, including all files modified, login attempts, password changes, mailbox access and other actions.

And KnowledgeVault emphasizes its ability to automate auditing processes across user groups and privileged administrators, while discovering suspicious behavior. The company said its tool also creates a variety of reports that offer details on user logon patterns, non-owner access and activity and analyses of changes in mailbox and user permissions as well as license changes.

Note: An earlier version of this post inadvertently attributed quotes by Netwrix CEO Michael Fimin to the incorrect company official.

Posted by Jeffrey Schwartz on 04/27/2016 at 12:49 PM


comments powered by Disqus

Subscribe on YouTube