Using ThreatLockDown to monitor Office 365

This section provides instructions for monitoring the Office 365 audit log for your organization.

The audit log allows ThreatLockDown to monitor:

• User activity in SharePoint Online and OneDrive for Business.

• User activity in Exchange Online (Exchange mailbox audit logging).

• Admin activity in SharePoint Online.

• Admin activity in Microsoft Entra ID (the directory service for Microsoft 365).

• Admin activity in Exchange Online (Exchange admin audit logging).

• eDiscovery activities in the security and compliance center.

• User and admin activity in Power BI.

• User and admin activity in Microsoft Teams.

• User and admin activity in Dynamics 365.

• User and admin activity in Yammer.

• User and admin activity in Microsoft Power Automate.

• User and admin activity in Microsoft Stream.

• Analyst and admin activity in Microsoft Workplace Analytics.

• User and admin activity in Microsoft Power Apps.

• User and admin activity in Microsoft Forms.

• User and admin activity for sensitivity labels for sites that use SharePoint Online or Microsoft Teams.

• Admin activity in Briefing email and MyAnalytics.