Search This Blog

Friday, August 13, 2021

Configuring Auditing for Veeam Backup for o365

 In this post, we will configure auditing for operation perform by operator on view and restore by using Veeam Explorer.

To do so,

1. Access to swagger

2. Get Auth Token first

Click Auth & provide correct credential


Once get the Response Code - 200. Go to top & click Explore

3. Get Organization Id
Go to Organization | GET | Try it out

Take the value id


Example:
Id: cbae9938-a613-43db-b145-a0db19f0b4fa

4. Get Organization User
Go to OrganizationUser | GET
Enter the OrganizationID


It will provide all users information.
Take note the ID, DisplayName and Name that you want to audit


Example:

"id": "00000000-0000-0000-0000-000000000000059f610d-8850-481a-9ca9-9dffa5b84c6bAQUAAAAAAAUVAAAA-xyhw56yw8bPBloGeAQAAA",
      "displayName": "Alpha user",
      "name": "alpha@veeamdemo.local",

 "id": "00000000-0000-0000-0000-000000000000274e5496-3868-4a32-8287-65c7013597a4AQUAAAAAAAUVAAAA-xyhw56yw8bPBloG9AEAAA",
      "displayName": "Administrator",
      "name": "Administrator@veeamdemo.local",

5. Let start to audit administrator@veeamdemo.local
Go to OrganizationAudit | POST
Enter OrganizationID & Items

[ {   "type": "user",   "user": {     "id": "00000000-0000-0000-0000-000000000000274e5496-3868-4a32-8287-65c7013597a4AQUAAAAAAAUVAAAA-xyhw56yw8bPBloG9AEAAA",     "displayName": "Administrator",     "name": "Administrator@veeamdemo.local",     }   } ]


6. To verify
Go to OrganizationAudit | GET

Result listed as Response Code 200 and output in Response Body


You have successful enable auditing on administrator user. Next is enable auditing notification of the Audited Item.

7. Go to AuditEmailSettings | PUT

{
"enableNotification": true,
"smtpServer": "dc01.veeamdemo.local",
"port": 25,
"useAuthentication": true,
"username": "administrator@veeamdemo.local",
"userPassword": "P@ssw0rd",
"useSSL": true,
"from": "veeam@veeamdemo.local",
"to": "administrator@veeamdemo.local",
"subject": "VBO Audit - %StartTime% — %OrganizationName% - %DisplayName% - %Action% - %InitiatedByUserName%
}

Make sure result is Response Code 200.

Final step is verify by perform recovery on VBO Server