Viewing Reports for Microsoft Office 365
Locate and view Microsoft Office 365 reports on the Reports page.
Note:
If you registered your Office 365 instance before April 2016, to enable the features for SharePoint and OneDrive and for Azure AD, you must to reenter the Oracle CASB Cloud Service user's credentials for your registered application instance in the credentials update page. From the Oracle CASB Cloud Service console, select Applications, and then:
-
In card view, click the icon for the instance you want to modify, and then in the Health Summary, select Modify, Update credentials.
-
In grid view, drop down the Action list for the instance you want to modify, and then select Update credentials.
Exchange Reports
| Report Name | Description |
|---|---|
|
Office 365: Exchange administrator activity |
Helps to detect Exchange administrators who have an unusually high amount of activity. You can also check the Users page to see whether any administrators listed in this indicator are flagged as being high risk. |
|
Office 365: Cmdlets run |
You can track almost any type of Exchange Online activity through its corresponding cmdlet. |
Azure AD Reports
| Report Name | Description |
|---|---|
|
Office 365: Azure Active Directory audit report |
Helps to detect Azure AD administrators who have an unusually high amount of activity. You can also check the Users page to see whether users listed in this indicator are flagged as being high risk. |
|
Office 365: Azure Active Directory audit report |
You can track almost any type of Azure AD activity through its corresponding audit report. |
SharePoint/OneDrive Reports
| Report Name | Description |
|---|---|
|
Office 365: SharePoint/OneDrive files accessed |
Helps to identify suspicious trends regarding file access. |
|
Office 365: SharePoint/OneDrive audit report |
Helps to detect users who have an unusually high amount of activity. You can also check the Users page to see whether users listed in this indicator are flagged as being high risk. |
|
Office 365: SharePoint/OneDrive invitations created |
Helps to detect unwanted sharing of data, particularly files with sensitive information and sharing with users outside the organization's domain. You can also define a policy in Configuration, Policy Management to track sharing activity outside of your organization's domain. |
|
Office 365: SharePoint/OneDrive files deleted |
Helps to detect users who have an unusually high amount of file deletions. You can also check the Users page to see whether users listed in this indicator are flagged as being high risk. |
|
Office 365: SharePoint/OneDrive shared links created |
Helps to detect unwanted sharing of data, particularly files with sensitive information and sharing with users outside the organization's domain. You can also define a policy in Configuration, Policy Management to track sharing activity outside of your organization's domain. |
|
Office 365: SharePoint/OneDrive files modified |
Helps to identify suspicious trends regarding file access and use. |
|
Office 365: SharePoint/OneDrive files downloaded |
Helps to identify suspicious trends regarding data exfiltration. You can also define a policy in Configuration, Policy Management to track download activity for particular files or downloads by particular users. |
To view Office 365 reports
-
Select Reports from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon
to display it. -
Scroll to the section of report names that start with Office 365: and click anywhere in the row for the report you want to run.
-
Click View log data to see the raw log data for the issue.