Yammer is designed to connect people and teams across your organization so they can work more effectively together, while also meeting your organization’s security and compliance needs. Having visibility and control over your data within the cloud services you use—whether user actions, object activities or access points—is a critical part of IT compliance and security. We’re pleased to announce we are rolling out new auditing and reporting capabilities for Yammer, powered by the Office 365 Management Activity API and the Office 365 Security & Compliance Center.
These new capabilities provide a new level of visibility for IT and builds on our announcement earlier this year that Yammer is now covered by the Office 365 Trust Center. As part of the Office 365 Trust Center, Yammer complies with international and regional standards such as the Office 365 Data Processing Agreement with European Union Model Clauses (DPA with EUMC), Health Insurance Portability and Accountability Office 365 Business Associate Agreement (HIPAA BAA), ISO 27001, ISO 27018, Section 508 for web accessibility, and SSAE 16 SOC 2 report. We also recently announced an update to the Yammer apps for iOS and Android that allows IT administrators to protect their corporate data using mobile application management (MAM) controls in Microsoft Intune.
Auditing and reporting across various user and admin activities
The Office 365 Management Activity API is a RESTful API that already provides visibility into user and admin transactions across SharePoint Online, Exchange Online and Azure Active Directory. The Office 365 Security & Compliance Center aggregates these transactions into a single searchable log. Today, we’re pleased to announce our plans to include Yammer user and admin transactions in both the Office 365 Management Activity API and the Office 365 Security & Compliance Center.
More than 25 different Yammer operations spanning five categories will be made available for auditing:
- Users—including activating a user, suspending a user and deleting a user.
- Groups—including creating a group, adding a member to a group and deleting a group.
- Files—including creating a file, viewing a file and deleting a file.
- Admins—including exporting data, triggering private content mode and forcing all users to log out.
- Network settings—including changing network usage policy and changing data retention policy.
This support article has the complete list of operations available.
Using the Office 365 Management Activity API to audit Yammer data
To get to the Yammer reports, open the Security & Compliance Center from the Office 365 Admin Center, then click the Search & investigation tab and select Audit log search. Currently, audit history is retained for 90 days, and admins can export results to a CSV file for additional reporting in Excel.
Yammer operations and details can be viewed through the Office 365 Security & Compliance Center.
Find more information on using the audit log reports here, from getting started to understanding all that is audited.
Applications can also consume audit data using the Office 365 Management API. The API provides a consistent schema across all activity logs and allows organizations and ISVs to integrate Office 365 audit data into their security and compliance monitoring and reporting solutions.
To learn more about the API all up and the Yammer specifics, visit the following:
- Getting started guide—app registration and configuration in Azure AD to get OAuth working.
- Activity API reference—describes the API and various operations.
- Activity API schema—describes the schema of the data returned by the API.
Control on your terms with cross application security and compliance
Organizations want a collaboration platform that gives them the right level of control, compliance, privacy and security. Because Yammer is part of Office 365, IT departments can easily manage user access and controls and ensure that corporate data is private, secure and compliant. These new capabilities will roll out to Office 365 commercial customers over the coming weeks. More information about auditing and reporting in Yammer can be found in the support article.