Enable log analytics in office 365 teanant.

Microsoft Q & A 381 Reputation points
2023-04-06T07:13:21.0766667+00:00

I have 2 tenants , one office 365 tenant and one azure tenant. I want to enable log analytics in office 365 tenant with the same subscription of Azure.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,874 questions
{count} votes

2 answers

Sort by: Most helpful
  1. David Pazdera 316 Reputation points
    2023-04-06T10:20:27.47+00:00

    Hello, I don't think there is a quick and straightforward way to enable collection of all M365/O365 logs to Azure Log Analytics, especially since there are many types of logs to consider. Also, Log Analytics is primarily designed to work with telemetry from Azure resources. I would recommend you read this blog post at TechCommunity. It gives a good overview of what types of logs can be collected and how. The article focuses on security areas and threat hunting, but it is still useful.

    0 comments No comments

  2. Maxim Sergeev 6,566 Reputation points Microsoft Employee
    2023-04-07T00:13:30.2233333+00:00

    Hi there, For Office365 logs, there is only one option as out-of-the-box solution - https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/office-365 It requires to have Sentinel (which is actually using Log Analytics as a main data source). But keep in mind, Sentinel costs are higher than a standalone LA.

    Additionally to that, there are additional logs from AAD tenant, https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics probably this is enough to have.

    0 comments No comments