Hi. I'm Shawn Barker, Product Manager at Quest Software. And I'm going to demonstrate how Quest Change Auditor can audit activity across both on premises Exchange and Office 365 Exchange Online. Change Auditor for Exchange simplifies the audit process by tracking, auditing, reporting, and alerting on Microsoft Exchange Server and Office 365 Exchange online configuration and permission changes in real time. Change Auditor for Exchange audits all critical changes to Exchange and Exchange Online such as mailbox log-ons and access, non-owner mailbox activity, and permission changes. Change Auditor provides a centralized console for all of the activity being audited in your on premises Exchange and Office 365 Exchange environments. And if you have a hybrid deployment, you will be able to combine the views from both environments into a single pane of glass. Change Auditor offers hundreds of built in searches to help you address your security concerns as well as your regulatory compliance needs.
But Change Auditor isn't just limited to reporting on Exchange changes. It also audits activity in Active Directory, Azure Active Directory, Windows File and Network Attached Storage from EMC, NetApp, and Dell, SQL SharePoint, Skype for Business, user log-ons and more. Regardless of the platform, every event displays all important information about the change in a simple readable format. Each event includes when the change was made, where it originated from, or the work station, where the change was made, who made the change-- the actor involved in the change-- and what object was impacted by the change. In a hybrid environment, Change Auditor correlates activity across Cloud and on premises, showing you the mapped identities and ensuring that you can view all activity a specific user is responsible for regardless of whether they initiated with their on prem credentials or their Office 365 account.
Change Auditor also captures the before and after information for changes so that you can see what was changed and more quickly troubleshoot problems. Here I see an event that one of my administrators has added someone to a privileged active directory group. The related search feature gives you instant one click access to all user activity related to the event in question, making this forensic investigation significantly easier. From the results, I can find out when this administrator recently logged in and from where, as well as any other changes they have made either in on premise Active Directory, Exchange, or Office 365.
Change Auditor also offers a web client so you can access this information from anywhere. From my search results, I can plot these on an interactive event timeline showing all searches within a related time period. From the timeline, I can isolate an individual change, click the hyperlink, and go right to the event details. With Change Auditor, it's very easy to create a new search specifying exactly what you want to see and set it up as a proactive alert so I can receive notification by email.
In my search, I can narrow down the scope by specifying who made the change, where the change is coming from, when it was made, or what specific items were changed. In this case, I want to be alerted on all changes to a sensitive shared mailbox. I can save this as a search to be rerun later on or configure it to alert me proactively by email. For more information about Change Auditor or to start your free trial now, visit Quest.com/Change-Auditor.