Microsoft 365 Azure Audit Log Activity
- Steve Challans
he Microsoft 365 Azure Audit Log Activity logs come in on UTC time format as many cloud providers use. So any activity needs to factor in the time difference for your timezone. Some parts of the dashboard only show data for the last 4 hours as cloud logs can generate massive volume of events. If longer search times are desired then its best to use the event search feature to search for logs over longer time period.
Selecting a chart component such as the pie segment, graph item will link through to the Text Details tabular output where you can search and perform additional filtering of the selected data and time period.
The specific log types in the widgets are for Azure Audit activity.
Exchange Admin Logs over time - shows the admin log activity rate for today.
Exchange Admin Logs by UserType - The type of user that performed the operation.
Azure Logins - The actual login name of the users performing the actions.
Azure Log Activity by Operation - The name of the user or admin activity. The value of this property corresponds to the value that was selected in the Activities drop down list. If Show results for all activities was selected, the report will included entries for all user and admin activities for all services
Azure Log Activity by EventType - results of the event types the system is producing.
Azure Results Status Operations - Result status of the event.
Some example of the dashboard items are below.
