Well.... Just started playing with it but this looks promising. Information isn't gathered until you get Azure going, will wait with bated breath until tomorrow.
Activity Use this report when you want to see the sign in activity for a user. The report includes information like the application signed into, device used, IP address, and location. We do not collect the history for users that sign in with a Microsoft account. Found under the Directory > User > Activity tab https://msdn.microsoft.com/en-us/library/azure/dn283934.aspx https://technet.microsoft.com/en-us/library/dn832618.aspx From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Raper Sent: Monday, July 06, 2015 7:44 PM To: [email protected]; [email protected] Subject: Re: [Exchange] RE: Exchange Online Audit question This is an interesting and valid question. I had not thought about this, but we are/have been accustomed to doing the same thing under certain circimstances by referncing the TMG logs. Curious if this info could be obtained by opening a service request for a legitimate security concern for login attempts against a given account that has been migrated to O365? It would be a pain because you can't do it yourself, but surely Microsoft has dealt with this by now..... Jonathan Raper, MCSE, VCA Senior Solutions Engineer NWN Corporation Sent by Outlook for Android On Mon, Jul 6, 2015 at 4:16 PM -0700, "Michael B. Smith" <[email protected]<mailto:[email protected]>> wrote: I am certainly not authoritative, but I don't know of any way to do this. You need access to the Connection logs or the IIS protocol logs, and neither of those are exposed via O365. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Ramatowski, Paul M.. Sent: Monday, July 6, 2015 4:04 PM To: [email protected]<mailto:[email protected]> Subject: [Exchange] Exchange Online Audit question On premise, we had local logs to look at when and where connections came from to a mailbox- for example my creds log into my mailbox from home and we could see the connection coming from my ISP's IP address. I have been asked- Is there a way to track where the connection comes from when my creds are used to log into my mailbox in Exchange Online. I've been looking around and best I can tell the answer is still no, as of January 2015 at least on the 0365 message boards. Best I can come up with is a last logon time which isn't helpful in this case. So question is, anyone know of a way this could be done whether third party tools are involved or not, or are we just Out of luck? Thanks, Paul
