O365 Security in OMS.
Do you need to audit the security logs from O365 but want it outside of the O365 portal?
Many organisations have a regulatory compliance requirement to audit O365 and do it outside of the O365 portal.
O365 stores audit data for only up to 6 months, whereas OMS can store data for up to 2 years. The power of OMS allows us to analyse and integrate the data.
Everything is stored in your environment, in your Azure subscription, with your controls. Nothing leaves your security boundary.
Where do we start?
We build out an application registration
In Azure we create an application registration that gives us the URI to call. We configure the permissions and map them to the fields in OMS.
NEXT WE MOVE TO
In Azure Automation we connect to the application registration and use the URI from the application registration to connect to O365.
GET IT TO OMS
The OMS connection
Once the logs are in the OMS workspace, we create a view for each of the 5 logs we are pulling in.
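
An added sketch of the pipeline described above (not code from the original page): it assumes the URI is the Office 365 Management Activity API and that records reach the workspace through the Log Analytics HTTP Data Collector API, neither of which the page names. The tenant, workspace ID, key and audit record are constructed sample values, and the code builds the requests without sending them.

```python
import base64, hashlib, hmac, json
from email.utils import formatdate

# Assumption: the page's "5 logs" are the Management Activity API content types.
CONTENT_TYPES = ["Audit.AzureActiveDirectory", "Audit.Exchange",
                 "Audit.SharePoint", "Audit.General", "DLP.All"]

def subscription_urls(tenant_id):
    """URLs the runbook POSTs to (with the app's bearer token) to start each feed."""
    base = f"https://manage.office.com/api/v1.0/{tenant_id}/activity/feed"
    return {ct: f"{base}/subscriptions/start?contentType={ct}" for ct in CONTENT_TYPES}

def sign(workspace_id, shared_key_b64, body, date):
    """Build the SharedKey Authorization header over the exact bytes to be sent."""
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    mac = hmac.new(base64.b64decode(shared_key_b64), to_sign.encode(), hashlib.sha256)
    return f"SharedKey {workspace_id}:{base64.b64encode(mac.digest()).decode()}"

def build_request(workspace_id, shared_key_b64, content_type, records, date=None):
    """Return (url, headers, body) for one batch of audit records; sends nothing."""
    date = date or formatdate(usegmt=True)  # RFC 1123 date ending in "GMT"
    body = json.dumps(records).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Authorization": sign(workspace_id, shared_key_b64, body, date),
        # Log-Type names the custom log; only letters, digits and "_" are allowed.
        "Log-Type": "O365_" + content_type.replace(".", "_"),
        "x-ms-date": date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

# Constructed sample values: not a real tenant, workspace, key or audit record.
TENANT = "00000000-0000-0000-0000-000000000000"
WORKSPACE = "11111111-1111-1111-1111-111111111111"
KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
SAMPLE = [{"CreationTime": "2024-01-01T00:00:00", "Workload": "Exchange",
           "Operation": "Set-Mailbox", "UserId": "admin@example.invalid"}]

if __name__ == "__main__":
    for ct, url in subscription_urls(TENANT).items():
        print("subscribe:", ct, "->", url)
    url, headers, body = build_request(WORKSPACE, KEY, "Audit.Exchange", SAMPLE)
    print(url, headers["Log-Type"], len(body))
```

In a runbook, read the workspace key from an encrypted Azure Automation variable rather than embedding it in the script.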
We can take the data out of OMS
We can take this data and move it to places like Azure SQL or Power BI.