I am investigating data in O365 logs. Is there a way to distinguish which session a certain activity belonged? for example, if a user has his mobile phone, home PC and work PC logged on, how can I tell which device did the action?
Asked
Active
Viewed 9,545 times
1 Answers
1
Taken from: Use Office 365 tools for security investigations in Exchange Online and SharePoint Online
To examine the devices and applications from which a specific user connected to a mailbox in Office 365
- In the Security & Compliance Center, choose Reports > View reports.
- Under Auditing, choose Azure AD reports.
- In the Azure management portal, on the Active Directory tab, choose the name of your organization.
- Under your organization name, choose Users.
- Locate the user you want to investigate and choose the username.
- On the user page, choose Devices.
- In the View drop-down list, select Devices and applications from which the user has signed in. This will provide details, such as the version of client used to sign in, and the last sign-in time, IP address, and location of the user.
Noor Khaldi
- 3,869
- 3
- 19
- 28