Delegate365-Working with Audit Logs

2017-06-26 | Toni Pohl

Delegate365 protocols all modifications of users, licenses and groups within the solution. This is essential to comprehend actions accomplished by Delegate365 administrators or by automated tasks. See how to work with that audited data here.

So, all actions are logged to the Delegate365 Audit Log. In the current versions, the audit logs are saved to an Azure Storage Account. There are three ways of working with the audit data:

  1. See audit data within Delegate365
  2. Access the data directly with Microsoft Storage Explorer
  3. Connect to the data with tools as Microsoft Excel or Power BI

All methods are available for Portal Admins in the administration / audit menu and are described here.

Important: The audit logs can grow very fast since all actions of all administrators and of the sync operations are logged. Depending on the number of objects that were changed, there can be a log of ten thousands of lines at each sync. Delegate365 provides various methods for accessing that data and for handling large amounts of data.

[Update 29th June: The following screenshots will open in full size for better readability when clicked.]

1. Seeing audit data within Delegate365

The auditing menu shows the latest audit data for quick lookups. This list can be filtered by Date range and by a simple search expression, like a AdminName or OU column. Depending on the changed being made, the Details column shows all changed properties or assignments. Auditing currently shows the last data up to 6 months (depending on the size of the log and the Office 365 tenant, so this can vary in your environment).

image

Since the data is logged in a variable data format, the admin can navigate through the details by opening the tree objects as shown here. For example, this user has been changed by the SyncOp automatically and some licenses have been added, so that there are now 27 active plans assigned .

image

This list can be browsed with the Previous and Next buttons at the end of each page.

Important: If the auditing log gets too extensive no data will be shown (the auditing list stays empty then). This happened at some Delegate365 tenants in the past. We are currently developing a workaround for that scenario in future. With the next update, the log will be divided into smaller parts per day to enable access in the Auditing module in all scenarios. This will be described here soon. If this happens in your tenant now, pls. follow the alternative steps as described below.

2. Working with the Microsoft Storage Explorer

The second method to work with audit data is to access it directly from the Delegate365 storage. Here, the amount of data is better to handle and the audit data can be exported for further use, for example for custom reporting.

Microsoft Storage Explorer is a powerful tool for exporting or querying Delegate365 audit data.

3. Using Power-BI

The third approach is to use Delegate365 audit logs directly from the storage with Microsoft Power BI.

Summary

All actions executed in Delegate365 are logged, whether it’s a manual action or an automated process. Portal Administrators get access to all the audit data of Delegate365. There are several ways to get all audit data easily for further usage in other tools. Opening the Delegate365 data storage is based on Microsoft standards and supports further scenarios and custom development.

We hope you like the (new) way of working with data out of Delegate365 and we appreciate your feedback.

Categories: Delegate365, English, Microsoft, Office365, atwork

Source: https://blog.atwork.at/post/2017/06/26/Delegate365-Working-with-Audit-Logs