{"id":43624,"date":"2022-01-09T10:41:00","date_gmt":"2022-01-09T09:41:00","guid":{"rendered":"https:\/\/ways.se\/?p=43624"},"modified":"2024-01-11T15:24:46","modified_gmt":"2024-01-11T14:24:46","slug":"undersok-incidenter-med-microsoft-365-audit-log","status":"publish","type":"post","link":"https:\/\/ways.se\/sv\/artiklar\/undersok-incidenter-med-microsoft-365-audit-log\/","title":{"rendered":"Investigate incidents with the Microsoft 365 Audit Log"},"content":{"rendered":"\n<p>Thousands of user and administrator actions performed across dozens of Microsoft 365 services and solutions are captured, recorded and retained in a unified audit log that is available in <a href=\"https:\/\/learn.microsoft.com\/en-us\/purview\/purview\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Purview<\/a>. With the audit log search tool you can search for, view and export the log records for any of these actions. 
Typical document management activities that you can search for in the logs are:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Opened or previewed documents<\/li>\n\n\n\n<li>Modified documents<\/li>\n\n\n\n<li>Uploaded documents<\/li>\n\n\n\n<li>Deleted or restored documents<\/li>\n\n\n\n<li>Downloaded or synchronized documents<\/li>\n\n\n\n<li>Checked-in or checked-out documents<\/li>\n\n\n\n<li>Copied or moved documents<\/li>\n<\/ul>\n\n<p>Microsoft 365 provides two solutions:<\/p>\n\n<ol class=\"wp-block-list\" style=\"list-style-type:1\">\n<li>Basic auditing\n<ul class=\"wp-block-list\">\n<li>For Microsoft 365 licenses (not E5)<\/li>\n\n\n\n<li>90-day log retention<\/li>\n\n\n\n<li>Access via GUI, PowerShell and API<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Advanced auditing\n<ul class=\"wp-block-list\">\n<li>For Microsoft 365 E5 licenses<\/li>\n\n\n\n<li>1-year log retention (can be extended to 10 years with additional licenses)<\/li>\n\n\n\n<li>Custom log retention policies<\/li>\n\n\n\n<li>Critical events<\/li>\n\n\n\n<li>Higher bandwidth for API access<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n<p>Basic auditing is enabled by default for all organizations with the appropriate subscription (for a list of subscription and licensing requirements, see <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/auditing-solutions-overview?view=o365-worldwide#licensing-requirements\" target=\"_blank\" rel=\"noreferrer noopener\">Auditing solutions in Microsoft 365<\/a>). 
The only setup required before you and others in your organization can search the audit log is to assign the permissions needed to access the audit log search tool.<\/p>\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/help.metashare.com\/en\/faq\/how-to-use-microsoft-365s-unified-audit-log\/#assign-permissions-to-search-the-audit-log\"><\/a>Assign permissions to search the audit log<\/h2>\n\n<p>Global administrators can always search the audit log. To allow searching with the least privilege, administrators and members of investigation teams can be assigned the &#8220;Security Reader&#8221; role. See <a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/admin\/add-users\/assign-admin-roles?view=o365-worldwide\" target=\"_blank\" rel=\"noreferrer noopener\">Assign admin roles in the Microsoft 365 admin center<\/a>.<\/p>\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"1200\" src=\"https:\/\/ways.se\/wp-content\/uploads\/security_reader_role.png\" alt=\"\" class=\"wp-image-16154\" srcset=\"https:\/\/ways.se\/wp-content\/uploads\/security_reader_role.png 1920w, https:\/\/ways.se\/wp-content\/uploads\/security_reader_role-300x188.png 300w, https:\/\/ways.se\/wp-content\/uploads\/security_reader_role-1024x640.png 1024w, https:\/\/ways.se\/wp-content\/uploads\/security_reader_role-768x480.png 768w, https:\/\/ways.se\/wp-content\/uploads\/security_reader_role-1536x960.png 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><figcaption class=\"wp-element-caption\">The &#8220;Security Reader&#8221; role in the Microsoft 365 Admin Center<\/figcaption><\/figure>\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/help.metashare.com\/en\/faq\/how-to-use-microsoft-365s-unified-audit-log\/#search-the-audit-log\"><\/a>Search the 
audit log<\/h2>\n\n<p>To search the audit log, follow these steps:<\/p>\n\n<ol class=\"wp-block-list\" style=\"list-style-type:1\">\n<li>Sign in to <a href=\"https:\/\/compliance.microsoft.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Purview<\/a> with an account that has been assigned adequate audit permissions.<\/li>\n\n\n\n<li>In the left navigation pane, click&nbsp;on \u201c<a href=\"https:\/\/compliance.microsoft.com\/auditlogsearch?viewid=Async%20Search\" target=\"_blank\" rel=\"noreferrer noopener\">Audit<\/a>\u201d:<br><img loading=\"lazy\" decoding=\"async\" width=\"475\" height=\"636\" class=\"wp-image-16158\" src=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_navigation.png\" alt=\"\" srcset=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_navigation.png 475w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_navigation-224x300.png 224w\" sizes=\"auto, (max-width: 475px) 100vw, 475px\" \/><br>On the&nbsp;Audit&nbsp;page, configure the search using the following conditions:<br><img loading=\"lazy\" decoding=\"async\" width=\"1521\" height=\"595\" class=\"wp-image-16160\" src=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_filters.png\" alt=\"\" srcset=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_filters.png 1521w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_filters-300x117.png 300w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_filters-1024x401.png 1024w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_filters-768x300.png 768w\" sizes=\"auto, (max-width: 1521px) 100vw, 1521px\" \/>\n<ul class=\"wp-block-list\">\n<li>Date and time range &#8211; select a date and time range to display the events that occurred within that period. 
Dates and times are shown in local time.<\/li>\n\n\n\n<li>Activities &#8211; select the activities you want to search for. Use the search box to find activities to add to the list. For a partial list of audited activities, see <a rel=\"noreferrer noopener\" href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/search-the-audit-log-in-security-and-compliance?view=o365-worldwide#audited-activities\" target=\"_blank\">audited activities<\/a>. Leave this box blank to return records for all audited activities.<\/li>\n\n\n\n<li>Users &#8211; click in this box and start typing the names of the users whose search results should be displayed. The log records for activities performed by the users you select in this box are shown in the results list. Leave this box blank to show records for all users in your organization.<\/li>\n\n\n\n<li>File, folder or site &#8211; type part or all of a file or folder name to search for activities related to the file or folder that contains the specified keyword. You can also specify the URL of a file or folder. If you use a URL for a file or folder, enter the full URL path or, if you enter only part of the URL, do not include any special characters or spaces. Leave this box blank to return records for all files and folders in your organization.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click the &#8220;Search&#8221; button. The page now shows that the search is running. When the search has finished, the audit records are displayed on the page. 
Click a record to view its detailed properties: <br\/><img loading=\"lazy\" decoding=\"async\" width=\"1538\" height=\"1138\" class=\"wp-image-16163\" src=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_result.png\" alt=\"\" srcset=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_result.png 1538w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_result-300x222.png 300w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_result-1024x758.png 1024w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_result-768x568.png 768w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_search_result-1536x1137.png 1536w\" sizes=\"auto, (max-width: 1538px) 100vw, 1538px\" \/><\/li>\n\n\n\n<li>The search can now be exported to a CSV file by clicking the &#8220;Export&#8221; function at the top of the audit report:<br\/><img loading=\"lazy\" decoding=\"async\" width=\"1101\" height=\"750\" class=\"wp-image-16178\" style=\"width: 560px\" src=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_log_export.png\" alt=\"\" srcset=\"https:\/\/ways.se\/wp-content\/uploads\/purview_audit_log_export.png 1101w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_log_export-300x204.png 300w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_log_export-1024x698.png 1024w, https:\/\/ways.se\/wp-content\/uploads\/purview_audit_log_export-768x523.png 768w\" sizes=\"auto, (max-width: 1101px) 100vw, 1101px\" \/><\/li>\n\n\n\n<li>The audit report also gets a unique URL, so it can be shared with users who have access to the audit log.<\/li>\n<\/ol>\n\n<p>For more detailed information about the audit logs, see <a rel=\"noreferrer noopener\" href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/auditing-solutions-overview?view=o365-worldwide\" target=\"_blank\">Auditing solutions in Microsoft Purview<\/a>.<\/p>\n\n<h2 
class=\"wp-block-heading\"><a href=\"https:\/\/help.metashare.com\/en\/faq\/how-to-use-microsoft-365s-unified-audit-log\/#extending-the-audit-record-retention-period\"><\/a>Extending the audit log retention period<\/h2>\n\n<p>If you only have the basic 90-day audit log retention, you can regularly run an audit report with PowerShell or the APIs and save the audit reports in an external archive. There are also third-party tools that provide these capabilities, for example:<\/p>\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.lepide.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lepide Auditor for SharePoint<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.manageengine.com\/sharepoint-management-reporting\/\" target=\"_blank\" rel=\"noreferrer noopener\">ManageEngine SharePoint Manager Plus<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.solarwinds.com\/access-rights-manager\/use-cases\/sharepoint-audit-tool\" target=\"_blank\" rel=\"noreferrer noopener\">Solarwinds SharePoint Online Audit Log Tool<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.netwrix.com\/sharepoint_auditing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Netwrix Auditor for SharePoint and Teams<\/a><\/li>\n\n\n\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/splunkbase.splunk.com\/app\/4055\/\" target=\"_blank\">Splunk Add-on for Microsoft Office 365<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.syskit.com\/products\/spdockit\/solutions\/spdockit-sharepoint-audit-log-reports\/\" target=\"_blank\" rel=\"noreferrer noopener\">SysKit SPDocKit<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.intelex.com\/landing\/audit-management-software\" target=\"_blank\" rel=\"noreferrer noopener\">Intelex Audit Management Software<\/a><\/li>\n<\/ul>\n\n<div class=\"wp-block-group has-text-bright-color has-accent-1-background-color has-text-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained 
wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading has-text-bright-color has-text-color\">Secure your documents with MetaShare<\/h2>\n\n\n\n<p>Security incidents can happen to anyone. However, a good structure and easy-to-use tools reduce the risks considerably. With MetaShare, your workspaces are configured automatically according to best practice, making it easy for your colleagues to collaborate securely.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/metashare.com\/sv\/priser\/#prova-gratis\">Try it now<\/a><\/div>\n<\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Thousands of user and administrator actions performed across dozens of Microsoft 365 services and solutions are captured, recorded and retained in a unified audit log that is available in Microsoft Purview. 
With the audit log search tool you can &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"Investigate incidents with the Microsoft 365 Audit Log\" class=\"read-more button\" href=\"https:\/\/ways.se\/sv\/artiklar\/undersok-incidenter-med-microsoft-365-audit-log\/\" aria-label=\"Read more about Investigate incidents with the Microsoft 365 Audit Log\">Read more<\/a><\/p>\n","protected":false},"author":6,"featured_media":43628,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[96],"tags":[],"class_list":["post-43624","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-artiklar","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-33","no-featured-image-padding"],"acf":[],"_links":{"self":[{"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/posts\/43624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/comments?post=43624"}],"version-history":[{"count":13,"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/posts\/43624\/revisions"}],"predecessor-version":[{"id":43662,"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/posts\/43624\/revisions\/43662"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/media\/43628"}],"wp:attachment":[{"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/media?parent=43624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/categories?post=43624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ways.se\/sv\/wp-json\/wp\/v2\/tags?post=43624"}],"curies":[{"name":"w
p","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}