Microsoft Office 365 Logs Monitoring

Last updated on 29 November, 2023

Disclaimer: Microsoft Office 365 Logs Monitoring is a Closed Beta feature. You must be an active participant of the Microsoft 365 Logs beta program to access this feature.

You can combine the LogicMonitor Microsoft Office 365 SaaS Integration and LM Logs to monitor your Microsoft Office 365 audit logs alongside your metrics. LogicMonitor supports monitoring for the following audit log types:

  • Azure Active Directory (AD)
  • SharePoint
  • Exchange
  • General
  • Data Loss Prevention (DLP)

This article provides instructions for setting up audit log monitoring using LogSources to map the logs to your Microsoft Office 365 account in LogicMonitor.

Requirements

  • An existing Microsoft Office 365 account in LogicMonitor with a registered Azure application. For more information, see Microsoft Office 365 Monitoring.
  • Audit logging is enabled for your Office 365 account. It should be on by default. For more information, see Microsoft documentation.
  • LM Logs enabled on your account. If needed, reach out to your CSM to enable the free trial on your account. 

Setting Up Audit Logs Monitoring

  1. In your Microsoft 365 Management account, enable one or both of the following Request API permissions for your Azure AD application:
    1. ActivityFeed.Read: Monitors all audit log types
    2. ActivityFeed.ReadDlp: Monitors DLP policy logs
  2. Add LogSources to map the audit logs to your Office 365 account in LogicMonitor.
    1. From Settings > LogSources, select Add LogSource.
    2. Enter a Name and Description.
    3. Set the AppliesTo field to: hasCategory("SAAS/office365")
    4. Set the Type to: LM Logs: Office 365 Audit Logs
    5. In the Collection Attributes, set the content type to the audit log type you want to monitor. You should add a LogSource for each of the audit types you want to monitor.
    6. Set the polling interval to define how many minutes LogicMonitor should wait between checking for new audit logs.
    7. (Optional) Specify filters, fields, or masking for the ingested logs. By default, all JSON keys are included as metadata fields for the ingested logs.

After the LogSources are added, you should see logs mapped to your Microsoft 365 account resource in LogicMonitor. You can see the logs in the Resources > Logs tab for the Microsoft 365 SaaS account and on the Logs page.

Troubleshooting Office 365 Logs Monitoring

If you are not seeing your Microsoft 365 audit logs in your LogicMonitor account:

  1. Search for the audit logs on your Microsoft 365 side to make sure that they exist. For more information, see Microsoft’s Audit Log Search page.
  2. Confirm that you have defined the LogSource for the correct audit log type. You should have a LogSource for each of the five types of audit logs.

After you have confirmed these two settings, contact Customer Success for assistance.
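
A further check you can run yourself is whether the permissions from setup step 1 actually reached your Azure AD application. The following is an added example, not LogicMonitor or Microsoft code: it inspects an app-only access token that you have obtained for your registered application and reports which audit log types its permissions cover, using the mapping given in step 1. It assumes the Microsoft identity platform convention that application permissions appear in the token's roles claim and that the Office 365 Management APIs audience is https://manage.office.com; the sample token is constructed and unsigned.

```python
import base64
import json

# Permission -> audit log types, as stated in setup step 1 of this article.
AUDIT_TYPES = ["Azure AD", "SharePoint", "Exchange", "General", "DLP"]
PERMISSION_COVERAGE = {
    "ActivityFeed.Read": set(AUDIT_TYPES),
    "ActivityFeed.ReadDlp": {"DLP"},
}
# Assumption: audience of tokens issued for the Office 365 Management APIs.
EXPECTED_AUDIENCE = "https://manage.office.com"


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_audit_permissions(token):
    """Report granted permissions, uncovered audit log types, and token problems."""
    claims = decode_claims(token)
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != EXPECTED_AUDIENCE:
        problems.append("audience is %r, not the Management APIs" % claims.get("aud"))
    roles = claims.get("roles")
    if roles is None:
        # Application permissions live in 'roles'; a delegated token carries 'scp'.
        problems.append("no 'roles' claim: not app-only, or admin consent missing")
        roles = []
    granted = sorted(r for r in roles if r in PERMISSION_COVERAGE)
    covered = set().union(*(PERMISSION_COVERAGE[r] for r in granted))
    missing = [t for t in AUDIT_TYPES if t not in covered]
    return {"granted": granted, "missing_types": missing, "problems": problems}


def make_sample_token(claims):
    """Build a constructed, unsigned token for demonstration and testing."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    sample = make_sample_token({"aud": EXPECTED_AUDIENCE, "roles": ["ActivityFeed.ReadDlp"]})
    print(check_audit_permissions(sample))
```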
