O365 Security in OMS. 

 

Do you need to audit the security logs from O365 but want it outside of the O365 portal?

Many organisations have a regulatory compliance requirement to audit O365, and to do so outside of the O365 portal.

O365 only stores audit data for up to 6 months, whereas OMS can store data for up to 2 years. The power of OMS also allows us to analyse and integrate the data.

Everything is stored in your environment, in your Azure subscription, with your controls. Nothing leaves your security boundary.

 
 
 
 
 

Where do we start?

We build out an application registration 

In Azure we create an application registration that gives us the URI to call. We configure the permissions and map them to the fields in OMS. 

 

 

Next we move to

Azure Automation 

In Azure Automation we connect to the application registration and use the URI from the application registration to connect to O365.

 

Get it to OMS

The OMS connection

Once the logs are in the OMS workspace, we create a view for each of the 5 logs we are pulling in.

 

We can take the data out of OMS

Power BI

We can take this data and move it to places like Azure SQL or Power BI.