Office 365 Management Activity API Aids Transactions Visibility

One of a company's key requirements from any cloud service is to understand how its data is being used within the cloud service provider. Given the wide range of applications and devices that access their data in the cloud, organizations demand visibility into each data transaction, not just via user operations but even at the administrative level. Microsoft’s Office 365 service has been cognizant of that from the start and has provided detailed logs for user, admin and organizational events.

Microsoft has taken this a step further now and provided access to this information by announcing the Office 365 Management Activity API. This RESTful API with OAuth v2 will give access to Office 365 transactional activity, giving organizations a way to easily pull that data into their on-premises applications to monitor and comply with their data and security requirements.

The Management Activity API currently provides activity logs across three services: SharePoint Online, Exchange Online and Azure Active Directory. The plan is to roll it out to other services in the Office 365 Online suite. The API gives access to more than 150 transaction types with activity records containing key core fields like tenant, service, user, action, object, location and IP address.

The API will be helpful to organizations that are looking to use their own tools to visualize and audit their security compliance requirements. ISVs are already working with Microsoft to integrate this API into their security and compliance offerings. Avnet has integrated this API into its DocAve Policy Enforcer product, which can give customers an integrated view into all activities within their SharePoint environments online.

The API is currently part of a private preview, and customers/partners are invited to sign up for the preview program.

Be sure to read the next Security article: Security Breaches Lead to Bug Bounty Proliferation