Search-UnifiedAuditLog
- Blog
- Search-UnifiedAuditLog
Identifying Obsolete Guest User Accounts in an Office 365 Tenant
Many Office 365 applications now create Azure Active Directory guest accounts. What's the best way to discover if the accounts are active and in use? This PowerShell script uses the Office 365 audit log and message trace data to figure out what guest accounts are active and outputs a CSV file for your review and analysis. Like any other PowerShell script, it can be adapted to suit your purposes.
Last Update: Aug 22, 2023
- Dec 23, 2019
-
LATEST
Assigning Rights in a Sensitivity Label for External Communications with PowerShell
- Nov 05, 2020
-
Rights Management and Protection Sensitivity Labels are built using Microsoft Information Protection (MIP) and are available to Office 365 users with E3 or above licenses. When a label protects a file or message with encryption, the ability to decrypt the item to reveal its content is governed by the rights assigned to the recipient as…
New Crucial Audit Events Added to Office 365
- Oct 19, 2020
-
Helping Investigators Understand What Happened In March, Microsoft eventually released the MailItemsAccessed “crucial audit event” for accounts holding Office 365 E5 licenses (other suitable licenses include Microsoft 365 E5 or the Microsoft 365 E5 compliance). Crucial events are deemed to be of higher value to investigators or others who need to understand exactly what happened…