Identity

Update to PwnCheck script

This afternoon, while working with a colleague, I was alerted to a customer that appears to have the same 6-character password set for every user, which honestly, I feel like violates the very notion of a password.  They’re not currently in Office 365 (or even Active Directory), but the risk is the same:

Users tend to use the same passwords everywhere.… [ Continue reading ]

Scripting

Searching the Office 365 Unified Audit Log for Specific Activities, Sites, and Users

Last week, I was working with a large government customer in a consolidated tenant (read: all agencies in a single, centrally-managed tenant).  One of the questions that was presented was how to search and filter the audit log for entries relating to the following categories:

  • Files shared by an agency or department’s users
  • Files accessed in an agency’s SharePoint site collection

To that end, I based together this script. … [ Continue reading ]

Configuration

Connecting Splunk to Office 365 – Part 2: Microsoft Office 365 Reporting Add-On for Splunk

In Part 1 of this blog series, I went through the setup of the Splunk Add-On for Microsoft Cloud Services, which you can use to extract, query, and analyze data provided by the Office 365 Management Activity API.  In this particular post, we’re going to explore the Microsoft Office 365 Reporting Add-On for Splunk, which you can use to review message trace data from Office 365.… [ Continue reading ]