Skip to main content
Sumo Logic

Microsoft Office 365 App Dashboards

Office 365 - Overview

Successful Activity by Workload. Displays your overall Office 365 workload activity by service as an area chart on a timeline for the last 24 hours.

Failed Activity by Workload. Shows any failed activity by Office 365 workload as a column chart on a timeline for the last three days.

SharePoint Operations. Provides information on all SharePoint operations activity by name and count as a line chart on a timeline for the last 24 hours.

Exchange Operations. Shows the Exchange operations activity by name and count on a stacked bar chart for the last 24 hours.

Azure AD Operations Trends. Displays Azure AD operations activity by action and count as a stacked column chart on a timeline for the last 24 hours.

General

Office 365 - Usage by Location

Office 365 Transaction by Client Location. Performs a geo lookup operation and displays Office 365 transactions by client location on a map of the world for the last 30 days.

Azure AD Transactions by Client Location. Performs a geo lookup operation and provides Azure AD transactions by client location on a map of the world for the last 30 days.

SP and OD Transactions by Client Location. Performs a geo lookup operation and shows SharePoint and OD transactions by client location on a map of the world for the last 30 days.

Exchange Transactions by Client Location. Performs a geo lookup operation and displays Exchange transactions by client location on a map of the world for the last 30 days.

Azure Active Directory

Office 365 - Active Directory Activity

o365_active_directory_activity.png

Top Users by AAD Admin Activity. Shows the top users by Azure AD administrator activity in a table chart including details on the user ID and the count for the last 24 hours.

AD Transactions by Client Location. Uses a geo lookup operation to display AD transactions by client location on a map of the world for the last 24 hours.

AD Operations. Displays AD operations activities by name and count as a line chart on a timeline for the last 24 hours.

Top Client IPs. Provides details on the top client IP address in a stacked column chart on a timeline for the last 24 hours.

Failed Activity Over Time. Shows failed activities in an area chart on a timeline for the last 24 hours. 

Exchange

Office 365 - Exchange - Admin Audit

Top 10 Operations. Displays the top 10 operations in a table chart including details on operation and frequency for the last 14 days.

Top 10 Active Users. Shows the top 10 active users in a table chart including details on user ID and frequency for the last 14 days.

User Types. Provides information on user types in a table chart including details on user type and frequency for the last 14 days.

Users Making Configuration Changes. Displays all users making configuration changes in a table chart including details on user ID and frequency for the last 14 days.

Configuration Changes by External Access. 

Recent Parameter Changes. Shows details on recent parameter changes in a table chart including information on the name and frequency for the last 14 days.

Configuration Changes (All). Displays details on all configuration changes in a table chart, including information on user ID, object ID, originating server, operation, name, value, and frequency for the last 14 days.

Office 365 - Exchange - Group Audit

Top 10 Operations. Displays the top 10 operations by name and frequency in a column chart for the last six hours.

Top 10 Active Users. Shows the top 10 active users by user ID and frequency in a column chart for the last six hours.

Top 10 Clients. Provides details on the top 10 clients by name and frequency in a bar chart for the last six hours.

Folders. Displays the folders accessed in a pie chart for the last six hours.

Recent Activities (All). Shows all recent activity in a table chart including details on time, user ID, client IP address, originating server, operation, client process name, client version, and logon type for the last six hours.

Logon Types. Provides information on logon types in a pie chart for the last six hours.

Recent Activities (External Access). 

Office 365 - Exchange - Mailbox Audit

Top 10 Operations. Displays the top 10 operations by operation name and frequency in a bar chart for the last 24 hours.

Top 10 IPs. Shows the top 10 IP addresses by IP and frequency in a bar chart for the last 24 hours.

Top 10 Users. Provides details on the top 10 users by user ID and frequency in a bar chart for the last 24 hours.

Top 10 Clients. Displays the top 10 clients accessed in a table chart including details on the client process name, client version, and frequency for the last 24 hours.

Top 10 Email Client Used. Shows information on the top 10 email clients used in a table chart including details on email client, version, and frequency for the last 24 hours.

Logon Types. Displays logon types in a pie chart for the last 24 hours.

External Access. 

Office 365 - Exchange - Mailbox Audit - Client Locations

Worldwide Clients. Performs a geo lookup operation to display worldwide client IP address locations on a map of the world for the last 24 hours.

Clients by Country Over Time. Displays clients by country in a stacked column chart on a timeline for the last 24 hours.

United States Clients. Performs a geo lookup operation to display United States client IP address locations on a map of the world for the last 24 hours.

Clients by State Over Time. Shows clients by state in a stacked column chart on a timeline for the last 24 hours.

SharePoint

Office 365 - SharePoint - Content Insight

Top 10 SiteUrl Accessed. Displays the top 10 SiteUrls accessed in a table chart including details on siteurl and count for the last 24 hours.

Top SharePoint Resources. Shows the top SharePoint resources accessed in a table chart including details on the source relative URL, source file name, and count for the last 24 hours.

File Type Accessed. Provides details on the file type accessed in a table chart including details on the file type and count for the last 24 hours.

Most Downloaded Contents. Displays the most downloaded content in a table chart including details on the source relative URL, source file name, and frequency for the last 24 hours.  

Recently Uploaded Contents. Shows recently uploaded content in a table chart including details on the source relative URL, source file name, user ID for the last 24 hours.

Top 10 Most Viewed Contents. Provides details on the top 10 most viewed content in a table chart including details on source relative URL, source file name, and frequency for the last 24 hours.

Contents CheckedIn-CheckedOut Recently. Displays information on content that was checked in and checked out recently in a table chart, including details on source relative URL and source file name for the last 24 hours.

Office 365 - SharePoint - User Activity

Top 10 Active Users. Displays the top 10 active users in a table chart including details on user ID and count for the last 24 hours.

Top 10 Active IPs. Shows the top 10 active IP address in a table chart including details on the client IP and count for the last 24 hours.

Top Sharing Activities by User ID. Provides information on the top sharing activities by user ID in a table chart including details on user ID, count, and operation for the last 24 hours.

Top 10 Users Involved in Sharing Operations. Displays the top 10 users who have performed sharing operations in a table chart, including details on user ID and count for the last 24 hours.

Top 10 Users Downloading Content. Shows the top 10 users who have downloaded content in a table chart including details on user ID and frequency for the last 24 hours.

Top 10 Users Uploading Content. Provides details on the top 10 users who have uploaded content in a table chart including details on user ID and frequency for the last 24 hours.

Office 365 - SharePoint - Visitor Locations

Worldwide Visitors. Performs a geo lookup operation to display worldwide client IP address locations on a map of the world for the last 24 hours.

Visits by Country Over Time. Displays visitors by country in a stacked column chart on a timeline for the last 24 hours.

United States Visitors. Performs a geo lookup operation to display United States client IP address locations on a map of the world for the last 24 hours.

Visits by State Over Time. Shows clients by state in a stacked column chart on a timeline for the last 24 hours.

Office 365 - SharePoint - Shared Content Non-Domains Activities

Top 10 Users Sharing Outside Domain. Displays the top 10 users sharing content outside the domain in a table chart including details on user ID and frequency for the last seven days.

Top 10 Non-Domain Users With Access. Shows information on the top 10 non-domain users with access in a table chart including details on user shared with and frequency for the last seven days.

Top 10 Non-Domain Users Downloading. Provides information on the top 10 non-domain users downloading content in a table chart including user ID and frequency for the last seven days.

Top 10 Contents Downloaded by Non-Domain Users. Displays the top 10 contents downloaded by non-domain users in a table chart including details on the source relative URL, source file name, and frequency for the last seven days.

Top 10 Non-Domain Users Uploading. Shows the top 10 non-domain users uploading content in a table chart including details on user ID and frequency for the last seven days.

Recent Uploads by Non-Domain Users. Provides details on recent uploads by non-domain users in a table chart including information on source relative URL and source file name for the last seven days.

Top 10 Non-Domain Users Viewing Contents. Displays the top 10 non-domain users who have viewed content in a table chart, including details on user ID and frequency for the last seven days.

Top 10 Contents Viewed by Non-Domain Users. Shows the top 10 content items viewed by non-domain users in a table chart, including details on source relative URL, source file name, and frequency for the last seven days.

Searches

To use the following searches, you will need to edit the search query to add the specific IP address or user email as needed. 

Demo - Geo Lookup on Suspicious IP. Performs a geo lookup operation on a suspicious IP address that you specify. 

Demo - Honing on Suspicious User. Provides information on a suspicious user that you identify. 

Demo - LogReduce on Suspicious IP. Performs a LogReduce operation on a suspicious IP address that you specify. 

Demo - Outlier. Performs an outlier operation on a IP address that you specify.