Azure Active Directory group auditing

Grouping users in Azure AD can make your job as an administrator much easier, especially when it comes to policy application and permission management. Since groups carry permissions, you need to track when users are added to or removed from groups to prevent critical resources from falling into the wrong hands. M365 Security Plus, our extensive Microsoft 365 security solution, can help you do just that.

What can you audit with M365 Security Plus?

The native Microsoft 365 portal provides audit log information only for created, modified, and deleted groups. M365 Security Plus, on the other hand, provides a multitude of reports on the actions that go on in your Microsoft 365 setup:

  • Created group: Get details on groups created in Azure AD with information on group name, group ID, who created the group, and when.
  • Updated group: Get details on groups modified by users with information on group name, group ID, operation performed, operation status, and more.
  • Deleted group: Get details on groups deleted in Azure AD with information on group name, group ID, who deleted the group, and when. Deletions are important to track because they may lead to a loss of access to resources.
  • Added member to group: Get information on users added to a group. This helps you cross-check whether the member should have been added to that group.
  • Removed member from group: Know when a user is removed from a group, with details on who removed them and when.
  • Created group settings: Get audit details when new group settings have been configured.
  • Updated group settings: Get audit details on modified group attributes.
  • Deleted group settings: Get audit details on group settings that have been deleted.

Microsoft 365 vs. M365 Security Plus

  • Long-term historical data: In native Microsoft 365, there are limits to how long you can retrieve historical data based on the data being audited. M365 Security Plus stores audit data indefinitely to maintain complete records.
  • Real-time auditing: Instead of gathering data for audit reports every single time, M365 Security Plus keeps audit reports updated in real time.
  • Profile-based auditing: Instead of having to peruse the entire list of audit reports to find the right one (as required in Microsoft 365), M365 Security Plus lets you create your own profiles so you can view only those audit details you need to see.
  • Group-based auditing: While auditing Azure AD, M365 Security Plus lets you generate reports for user activities based on group membership. Native Microsoft 365 can't audit user activities based on group membership.
  • Advanced filtering: In native Microsoft 365, you can only filter logs based on certain attribute values. Use M365 Security Plus to filter your logs based on any attribute and perform multi-valued searches as needed.
  • Custom views: While Microsoft 365 doesn't support custom views, with M365 Security Plus you can create your own custom views to see filtered data, summarized data, or summarized data that is filtered.
  • Business hours auditing: Microsoft 365 doesn't support restricted time frame auditing, but M365 Security Plus lets you retrieve audit details based on business hours or a specific period of time.
  • Export data: In native Microsoft 365, you can only export data to CSV. In M365 Security Plus, you can export audit data to PDF, XLSX, HTML, or CSV.

Need more than just a Microsoft 365 security solution? Try our unified
SIEM solution, Log360!
