Using ThreatLockDown to monitor Office 365
This section provides instructions for monitoring the Office 365 audit log for your organization.
The audit log allows ThreatLockDown to monitor:
User activity in SharePoint Online and OneDrive for Business.
User activity in Exchange Online (Exchange mailbox audit logging).
Admin activity in SharePoint Online.
Admin activity in Microsoft Entra ID (the directory service for Microsoft 365).
Admin activity in Exchange Online (Exchange admin audit logging).
eDiscovery activities in the security and compliance center.
User and admin activity in Power BI.
User and admin activity in Microsoft Teams.
User and admin activity in Dynamics 365.
User and admin activity in Yammer.
User and admin activity in Microsoft Power Automate.
User and admin activity in Microsoft Stream.
Analyst and admin activity in Microsoft Workplace Analytics.
User and admin activity in Microsoft Power Apps.
User and admin activity in Microsoft Forms.
User and admin activity for sensitivity labels for sites that use SharePoint Online or Microsoft Teams.
Admin activity in Briefing email and MyAnalytics.