How to enable and configure Office 365 logging and auditing

CSO Online | January 10, 2019

Make sure Microsoft Office 365 logging and auditing are set up correctly so they are available when you need them.

Copyright © 2019 IDG Communications, Inc.

I'm Susan Bradley for CSOnline. Today I'm going to talk about something that I think gets overlooked. Honestly, I think it should be the default configuration in every Office 365 deployment. That's auditing and logging in Office 365. I think it should be on by default, and it will be in the future. But for now you want to make sure it's turned on and check your settings. What reminded me of this was an upcoming announcement in the Office 365 admin center, which alerted me that mailbox auditing will add mail reads by default next week. This is actually something that has been requested for forensic investigations. It's called the MailItemsAccessed action. It offers comprehensive forensic coverage of mailbox accesses and sync operations and will really help any kind of forensic analysis of what went on in an investigation.

In early February 2019, Microsoft will turn this on. Initially these logs will not be in the unified audit log; they will only be available from the mailbox audit log. Bottom line, those of you on Office 365 will want to take a look at this. See whether you need to take any additional steps to turn on this logging. If you are currently doing any logging, you may want to re-evaluate some of the settings you have made.

Of course, if you've never turned on auditing in the first place, the first thing I want you to do is go to the Search & investigation area of the Microsoft 365 or Office 365 console and click on the Audit log search section. If you notice there that auditing is already enabled, then perfect, you're set to go. But if it says to turn on auditing, then I want you to go ahead and turn that auditing on. Here's an example from a 365 subscription that I have. And you can see even in the time that it's been on it showcases the number of times I've logged in and which IP address I've logged in from. You can set up new alerts and actually set up alerts of actions and accesses, and again, review this section if you've not already set these things up.

The second step I suggest that you do is check to see if you've turned on mailbox auditing. Now to do that you'll need PowerShell, and if you haven't connected to Exchange Online PowerShell, I'm sure you've done that by now, but just in case, there are instructions on how to do that. And once you've connected online then you want to enable mailbox auditing. And here you can see in PowerShell a sample of the mailbox I've turned on. I've got logging enabled for 90 days. And you can see the commands there. If you use the audit command you can actually see if auditing is turned on in your environment.

Now I recommend that you enable mailbox auditing for all mailboxes in your organization. You want to set it up ahead of time, because if you come to a situation where you ask a question about access or who deleted something and you look at your environment and you think, gee, I didn't set up the mailbox auditing, it's too late. You need to set it up ahead of time. So that's why I suggest that you do this now while you don't need it, because you never know when you might need to turn on mailbox auditing and investigate what's going on.

For more information I've got some additional resources that I've linked to in the article, including a YouTube video from Randy Franklin Smith, who's a guru on Windows security auditing. I've also linked to a white paper from the SANS infosec reading room about extracting timely sign-in data from Office 365 logs. Bottom line, I want you to take the time now to enable auditing because you'll need it sooner versus later. Until next time, this is Susan Bradley for CSOnline.
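The commands shown on screen are not captured in this transcript. The following is an added example, not the commands from the video: it checks the tenant's unified audit log setting, finds user mailboxes without auditing, enables auditing with the 90-day log age mentioned above, and reports the result. It assumes an Exchange Online PowerShell session is already connected under an account allowed to run these cmdlets; the variable names are illustrative.

```powershell
# Added example; assumes a connected Exchange Online PowerShell session.
$ErrorActionPreference = 'Stop'

# 1. Tenant level: is unified audit logging ("Audit log search") turned on?
$cfg = Get-AdminAuditLogConfig
if ($cfg.UnifiedAuditLogIngestionEnabled) {
    Write-Output 'Unified audit logging: enabled'
} else {
    Write-Warning 'Unified audit logging is off; turning it on.'
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# 2. Mailbox level: list user mailboxes that do not have auditing enabled.
$mailboxes  = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
$notAudited = @($mailboxes | Where-Object { -not $_.AuditEnabled })
Write-Output ("{0} of {1} user mailboxes have auditing disabled" -f `
    $notAudited.Count, @($mailboxes).Count)

# 3. Enable auditing and keep mailbox audit entries for 90 days.
foreach ($mbx in $notAudited) {
    try {
        Set-Mailbox -Identity $mbx.UserPrincipalName `
            -AuditEnabled $true -AuditLogAgeLimit 90
    } catch {
        # Keep going so one failing mailbox does not leave the rest unaudited.
        Write-Warning ("{0}: {1}" -f $mbx.UserPrincipalName, $_.Exception.Message)
    }
}

# 4. Verify: anything still listed here needs a manual look.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { -not $_.AuditEnabled } |
    Select-Object UserPrincipalName, AuditEnabled, AuditLogAgeLimit |
    Format-Table -AutoSize
```

Mailboxes created after the script runs are not covered by it, so rerun the check in step 2 periodically.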