Office 365

Announcing the new Office 365 Management Activity API for security and compliance monitoring

Share on Facebook Share on Twitter Share on Linkedin Share via OneNote Share via Email Print

Today’s post was written by Nagesh Pabbisetty, partner group program manager on the Office 365 Information Protection team.

The IT landscape is rapidly evolving, with trends like BYOD access, accelerated migration to the cloud, and many enterprises working with multiple cloud providers. These trends heighten the importance for companies to monitor access to their data as part of their overall approach to IT security.

Today within Office 365, there are a variety of ways for service administrators to obtain transactional information, with all of these methods providing a synthesized view of what is happening in Office 365. In our continuing effort to provide greater transparency into Office 365 service operations, we are working to deliver more event types, greater detail in event records, and consistent schemas for per-person, per-transaction logs for all user, admin and operational events. In addition, we are enabling instrumentation across the entire Office 365 service suite and providing standard RESTful APIs with OAuth v2 for easy consumption of these logs, to power your security, compliance and operational applications that serve your business needs.

The new Office 365 Management Activity API

Today we are announcing the new Office 365 Management Activity API and preview program. The Management Activity API is a RESTful API that provides an unprecedented level of visibility into all user and admin transactions within Office 365. The benefits of the Management Activity API include:

  • Access to more than 150 transaction types, with more planned in the future.
  • Activity logs from SharePoint Online, Exchange Online and Azure Active Directory, with plans to expand to additional Office 365 services within the suite.
  • A consistent schema across all activity logs in the service with a common core—fields including tenant, service, user, action, object, location and IP address, among others.
  • Simple on/off option for customers to enable instrumentation for the activity logs

We will release the API as part of a private preview program this summer. Starting today, customers and partners can sign up here to join the preview program.

ISVs are already building security and compliance solutions!

Select partners have already begun building solutions with the new API as part of a pre-release program. These rule-based, variance-based and machine learning-based security and compliance solutions provide sophisticated reports, interactive visualizations and operational dashboards to satisfy the complex needs of today’s enterprises. The partner solutions run the gamut, from those providing Office 365-specific solutions, to others that combine Office 365 logs with logs from other cloud services as well as on-premises installations. These integrations create a single pane of glass for integrated operations, security and compliance across the enterprise.

Next steps

Whether you are an admin or work in information security or compliance, you want to have a single view of security and compliance across your entire enterprise to know:

  • Who is accessing your information
  • Whether your security and compliance checks are working
  • Who is using your services

The Office 365 Management Activity API provides you with the increased visibility needed in today’s environment. We encourage you to sign up for the Office 365 Management Activity API preview program now, as space is limited.

Read on to learn more about the partners participating in the pre-release program, and descriptions in their own words about the solutions they have built using Office 365 Management API.

Come visit our booth at the RSA and Microsoft Ignite conferences to get an in-depth view of the sophisticated solutions being built on top of the Management Activity API.


AlertLogic Alert Logic Security-as-a-Service (SaaS) solution protects cloud, hybrid and on-premises datacenter infrastructure, delivering deep insight and continuous protection for over 3,000 customers worldwide. AlertLogic can aggregate the Office 365 Management Activity events with other security information to identify potential threats and help customers protect their environment.
AvePoint AvePoint enables enterprise collaboration across platforms and devices. Founded in 2001, AvePoint serves over 14,000 organizations worldwide and has a product portfolio including DocAve, Governance Automation, and Compliance Guardian. DocAve Policy Enforcer helps organizations rapidly respond to unauthorized modifications to Microsoft SharePoint configurations, security and management in the cloud and on-premises.
BetterCloud BetterCloud, trusted by 50,000-plus organizations worldwide, provides critical insights, automated management and intelligent data security for cloud office platforms. By leveraging open APIs, BetterCloud securely connects with your data at its source. BetterCloud for Office 365, currently in Beta, provides intelligent alerting, monitoring and insights for the Microsoft Cloud Platform.
CloudLock Cloud Access Security Broker (CASB) CloudLock provides a unified Cybersecurity dashboard for organizations adopting multiple SaaS applications. Office 365 is now supported by its Cloud Security Fabric, integrating previously released Office 365 and Azure APIs with the new Office Management Activity APIs.
Cogmotive Cogmotive provides automated Office 365 report building software used by customers worldwide to manage more than two million Office 365 seats. Cogmotive is building a powerful audit and compliance tool that will collect data on all employee Office 365 activities and analyze behaviors to help security officers prevent and respond to incidents.
Logentries Logentries provides a real-time log management and analytics service built for the cloud, making business insights from machine-generated log data easily accessible to development, IT and business operations teams of all sizes. Logentries empowers Office 365 admins to better manage their system security and compliance by providing usage monitoring, data visualizations and alerting on abnormal user behavior.
Netskope With Netskope’s Safe Cloud enablement solution, organizations can direct usage, protect sensitive data and ensure compliance in real-time, on any device, including native apps on mobile devices and whether on premises or remote and with the broadest range of deployment options in the market.
Palerra Palerra designed LORIC™ to protect enterprise clouds, giving security administrators the information they need to discover, understand and remediate risks through correlation, big data analytics and machine learning. LORIC protects Office 365 applications such as OneDrive, SharePoint and Exchange Online, monitoring user activity in these applications.
Rapid7 Rapid7 helps reduce risk of breach, detect and investigate attacks, and build effective cybersecurity programs. Informed by deep knowledge of attacker methods, Rapid7 UserInsight allows you to detect and investigate security incidents faster. It identifies intruders that use stealth attack methods, such as stolen credentials and lateral movement.
SkyHigh Networks SkyHigh Networks helps enterprises safely adopt cloud services while meeting their security, compliance and governance requirements. Over 350 enterprises, including Aetna, Cisco, DIRECTV, Hewlett-Packard and Western Union, use SkyHigh to gain visibility into all cloud services in use and their associated risk; analyze cloud usage to identify security breaches, compromised accounts and insider threats; and seamlessly enforce security policies.
Sumo Logic Sumo Logic provides a cloud-based machine data analytics service that helps enterprises gain deep operational, compliance and security insights across hybrid environments at unprecedented scale while reducing cost and complexity. Sumo Logic for Office365 is a centralized dashboard to monitor system and user activity that helps enterprises to improve their security and compliance posture.