SUCCESSFUL LOG MANAGEMENT FOR MICROSOFT 365 – THIS IS HOW IT WORKS.


Overview creates security.

The central collection of all log data from the entire IT landscape is essential for efficient error and security analysis. In the past, this was limited to logs for on-premises applications. Today, logs from cloud applications such as Microsoft 365 are also relevant. They provide important information on user activities such as sign-ins, alerts from Microsoft Defender and other security-relevant aspects.

You can therefore only get a comprehensive overview of your IT infrastructure if you include the log data for Microsoft 365 in your analysis.

The solution: DICOS log|essential

log|essential offers you exactly this overview on the basis of OpenSearch (a fork of Elasticsearch). With log|essential you can process the logs of your Microsoft 365 environment centrally, together with all the other logs of your IT environment.

Full control. Now!

Do you want a clear view of your Microsoft 365 log data – and everything beyond? Talk to us without obligation. We’ll work together to develop a customized solution for your company.

Florian Liers, Solution Architect, DICOS

Microsoft 365 logs securely in view

Office 365 Management Activity API: Logs from the Office 365 Management Activity API can be easily connected. This includes user, admin, system and policy actions and events of the Office 365 and Azure AD activity logs.

Microsoft Defender: Microsoft Defender alert logs can also be connected. Both Microsoft Defender ATP and Microsoft Threat Protection are supported. This leaves nothing to be desired.

Azure: Furthermore, log|essential enables the connection of a range of Azure logs. These include Azure activity logs, platform logs, sign-in logs and audit logs. This gives you a complete overview.

How the connection works:

The Office 365 Management Activity API and Microsoft Defender logs are connected via Azure Applications. To do this, an application must first be created via the Azure portal and provided with the appropriate permissions. The associated open source software Filebeat, from the Beats agent family, is used to retrieve these logs. To do this, Filebeat must be configured with the access data of the Azure application so that the corresponding logs can be accessed.

To connect Azure logs, event hubs must first be created. Secondly, the streaming of the corresponding logs to the event hubs must be set up in Microsoft 365. The Filebeat agent then reads from the event hubs and thus has access to the Azure logs.
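The two connection paths described above, sketched as a Filebeat module configuration. This is an added example, not DICOS's own configuration. All IDs, event hub names, the storage account and the `${...}` variable names are placeholders or assumptions.

```yaml
# Added example: Filebeat module settings for both connection paths.
# Every value in <...> is a placeholder; ${...} names are assumed keystore/env keys.
filebeat.modules:
  # Path 1: Office 365 Management Activity API, read through an Azure application
  - module: o365
    audit:
      enabled: true
      var.application_id: "<application-client-id>"
      var.tenants:
        - id: "<tenant-id>"
          name: "<tenant>.onmicrosoft.com"
      # Resolved from the Filebeat keystore or the environment at start-up,
      # so the secret never sits in the config file in clear text
      var.client_secret: "${O365_CLIENT_SECRET}"

  # Path 2: Azure logs that are streamed to event hubs
  - module: azure
    activitylogs:
      enabled: true
      var:
        eventhub: "<activity-log-hub>"
        consumer_group: "$Default"
        connection_string: "${AZURE_EVENTHUB_CONNECTION_STRING}"
        # Storage account in which Filebeat keeps its read position (checkpoints)
        storage_account: "<checkpoint-storage-account>"
        storage_account_key: "${AZURE_STORAGE_ACCOUNT_KEY}"
    signinlogs:
      enabled: true
      var:
        eventhub: "<signin-log-hub>"
        consumer_group: "$Default"
        connection_string: "${AZURE_EVENTHUB_CONNECTION_STRING}"
        storage_account: "<checkpoint-storage-account>"
        storage_account_key: "${AZURE_STORAGE_ACCOUNT_KEY}"
    auditlogs:
      enabled: true
      var:
        eventhub: "<audit-log-hub>"
        consumer_group: "$Default"
        connection_string: "${AZURE_EVENTHUB_CONNECTION_STRING}"
        storage_account: "<checkpoint-storage-account>"
        storage_account_key: "${AZURE_STORAGE_ACCOUNT_KEY}"
```

The Azure application only needs read access to the activity feed (`ActivityFeed.Read`), and the event hub connection string can come from a shared access policy limited to the Listen claim.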

Everything at a glance:
Dashboards with structure

log|essential offers many dashboards with clear visualization of your Microsoft 365 logs. You can use ready-made dashboards as well as create your own dashboards – individually tailored to your needs.

Powerful analysis tools also help you to gain new insights from the log data.

And there is even more. With log|essential, you can also conveniently process your Microsoft 365 logs. For example, you can enrich individual log events with additional information. You can also set up alerts that react to certain log events and send a notification.

Get started now!

Do you want to have full control over all the log data in your company at all times? We will be happy to show you all the options for collecting, visualizing and processing all your logs.

Contact us without obligation for an initial exchange. We look forward to hearing from you.