To help you manage the large amount of information generated by devices and services, Microsoft offers centralized monitoring, logging, and analysis systems to provide continuous visibility, timely alerts, and reports.
Azure auditing and logging capabilities enable you to:
Create an audit trail for applications deployed in Azure and virtual machines created from the Azure Virtual Machines Gallery. Azure enables a set of operating system security events by default. You can add, remove, or modify events to be audited by customizing the audit policy. In addition to generating Windows event logs, you can configure operating system components to generate logs for security analysis and monitoring.
Learn more about security logging and audit log collection.
Perform centralized analysis of large data sets by collecting security events from Azure Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). You can then use HDInsight to aggregate and analyze these events, and export them to on-site security information and event management (SIEM) systems for ongoing monitoring.
Learn more about HDInsight.
Monitor access and usage reporting by taking advantage of Azure logging of administrative operations, including system access, to create an audit trail in case of unauthorized or accidental changes. You can retrieve audit logs for your Azure Active Directory tenant, and view access and usage reports. This helps you gain visibility into the integrity and security of your deployment, and better determine where possible security risks may lie. In the Azure Management Portal, you can view usage and asset reports that include anomalous sign-in events, user-specific reports, and activity logs.
Learn more about using access and usage reports.
Export security alerts to an on-premises SIEM using Azure Diagnostics, which can be configured to collect Windows security event logs and other security-specific logs. You can also export this data into a third-party, on-premises SIEM system for analysis and alerting.
Learn more about enabling Azure Diagnostics.
Get third-party monitoring and alerts from the Azure Marketplace, which offers a rich set of third-party tools for security monitoring and reporting. Partner tools include Alert Logic Threat Manager, a service that monitors threats around the clock; Cautela Labs Log Management for improving your log management and analysis of security events; and Derdack Enterprise Alert, which automates and centralizes alert notification processes.
Commercial Support takes a risk-based approach to logging and auditing its systems. Baseline log requirements are assessed and implemented during development. For systems that present a moderate or high risk, based on sensitivity, volume of data, and other criteria, Commercial Support logs any access to, and alteration of, data. Logs enable the detection of security incidents that have occurred or are in progress, and give investigators enough information to understand the events and circumstances surrounding an incident, including the name of the employee accessing the data, what was accessed, and when.
Dynamics CRM supports auditing, in which changes to entity and attribute data within an organization are recorded over time for use in analysis and reporting. Auditing is supported on all custom and most customizable entities and attributes.
Key to a secure deployment of computers and mobile devices in an organization is the ability to monitor their status. Intune provides the license status of all devices, as well as a list of actions that can affect them, such as the ability to remotely wipe a device. In addition, Intune provides two ways to monitor devices managed by Intune:
Office 365 auditing policies enable you to log events, including viewing, editing, and deleting content such as email messages, documents, task lists, issues lists, discussion groups, and calendars. When auditing is enabled as part of an information management policy, you can view reports on audit data and summaries of current usage. You can also use these reports to determine how information is being used within the organization, to manage compliance, and to investigate areas of concern.
For business, legal, or regulatory reasons, you may have to retain email messages sent by and to users in your organization, or you may want to remove email that you aren't required to retain. With Office 365 messaging records management technology, you can control how long items stay in users’ mailboxes, and define what happens to them after that time limit.
Learn more about Office 365 security.
The Power BI Azure Audit logs content pack can be used to analyze and visualize audit logs from Azure services. Power BI retrieves Azure data, builds an out-of-the-box dashboard, and creates reports based on that data.
Learn more about analyzing and visualizing Azure Audit logs using Power BI.