Microsoft Flow audit events now available in Office 365 Security & Compliance Center
At the end of September we announced that Microsoft Flow events were being made discoverable within the Office 365 Security & Compliance Center. Today we are announcing that this feature has completed rolling out to all Office 365 tenants in production.
The Office 365 Security & Compliance Center is designed to help organizations manage compliance across Office 365 including protecting data and complying with legal and regulatory standards. Customers have expressed interest in understanding how Microsoft Flow is being used within their organization. For example, which users are creating flows? Are flows being shared? What connectors are being used? In addition, customers are also interested in understanding the distribution of paid and trial licenses. Using the Office 365 Security and Compliance Center provides insight into both the consumption of the Microsoft Flow service and licensing.
Office 365 tenant administrators1 reach the Security & Compliance Center by navigating to https://protection.office.com. From there, the Audit log search is found under the Search and investigation dropdown.
Within the Audit log search screen, Tenant administrators can search audit logs across many popular services including eDiscovery, Exchange, Power BI, Azure AD, Microsoft Teams, Dynamics 365 and now Microsoft Flow.
Once the Audit log search screen is accessed, an administrator can filter for specific activities by pulling down the Activities dropdown. By scrolling down the list, a section dedicated to Microsoft Flow activities can be found. The Microsoft Flow activities available for discovery include:
- Created flow
- Edited flow
- Deleted flow
- Edited permissions
- Deleted permissions
- Started a paid trial
- Renewed a paid trial
With the Activities filter set, a timeframe and additional search parameters can be provided. The search is initiated by clicking on the Search button.
Within the result set, Flow audit information including User, Activity and Item will be displayed. The Item link can be clicked to get more details about the audit event.
A Details page will emerge which contains supplementary information about the activity. Additional information can be viewed by clicking on the More information link.
Within the More information screen, we have access to additional details including FlowConnectorNames, which includes a list of the connectors used within the flow.
We also have access to the FlowDetailsUrl which will take us to the Flow Admin center where we can perform additional administrative functions including managing permissions.
The retention period for audit data is 90 days. CSV exports of this data are also available which allow customers to further explore this data using Microsoft Excel or Power BI. Customers can expect events to be available in the Office 365 Security & Compliance Center within 90 minutes of them occurring.
The Microsoft Flow team is continuing to invest in the Admin experience. If you have any feedback about Microsoft Flow, or the admin experience, please feel free to post below in the comments, in our community, or reach out on Twitter.
1 Accessing the Office 365 Security & Compliance Center requires an Office 365 license, with appropriate permissions, to use the Security and investigation feature. Please refer to this link for additional information.