Security researchers have discovered a secret API in Microsoft Office 365 that gives investigators access to detailed information about activities that take place within the service.
Specifically, the undocumented API makes available information about attachment, read and search activities. It provides login details and metadata associated with activities, including item and time.
Microsoft has denied having a tool that provides this kind of information, which has long been of interest to those in the security industry. Discovery of the API was originally reported last month by CrowdStrike. Since then, CrowdStrike has released a Python tool that can interface with the API, and information security expert Richard Davis has published a YouTube overview of the API.
According to CrowdStrike, "Organizations and individuals alike can utilize this knowledge to respond to incidents, hunt for attackers, or simply to gain a better understanding of Office 365 Outlook mailbox operations." Given its utility, those with an interest in the API will no doubt be hoping that Microsoft does not take action to prevent its use.