Search This Blog

Friday, August 13, 2021

Configuring Auditing for Veeam Backup for o365

 In this post, we will configure auditing for operation perform by operator on view and restore by using Veeam Explorer.

To do so,

1. Access to swagger

2. Get Auth Token first

Click Auth & provide correct credential


Once get the Response Code - 200. Go to top & click Explore

3. Get Organization Id
Go to Organization | GET | Try it out

Take the value id


Example:
Id: cbae9938-a613-43db-b145-a0db19f0b4fa

4. Get Organization User
Go to OrganizationUser | GET
Enter the OrganizationID


It will provide all users information.
Take note the ID, DisplayName and Name that you want to audit


Example:

"id": "00000000-0000-0000-0000-000000000000059f610d-8850-481a-9ca9-9dffa5b84c6bAQUAAAAAAAUVAAAA-xyhw56yw8bPBloGeAQAAA",
      "displayName": "Alpha user",
      "name": "[email protected]",

 "id": "00000000-0000-0000-0000-000000000000274e5496-3868-4a32-8287-65c7013597a4AQUAAAAAAAUVAAAA-xyhw56yw8bPBloG9AEAAA",
      "displayName": "Administrator",
      "name": "[email protected]",

5. Let start to audit [email protected]
Go to OrganizationAudit | POST
Enter OrganizationID & Items

[ {   "type": "user",   "user": {     "id": "00000000-0000-0000-0000-000000000000274e5496-3868-4a32-8287-65c7013597a4AQUAAAAAAAUVAAAA-xyhw56yw8bPBloG9AEAAA",     "displayName": "Administrator",     "name": "[email protected]",     }   } ]


6. To verify
Go to OrganizationAudit | GET

Result listed as Response Code 200 and output in Response Body


You have successful enable auditing on administrator user. Next is enable auditing notification of the Audited Item.

7. Go to AuditEmailSettings | PUT

{
"enableNotification": true,
"smtpServer": "dc01.veeamdemo.local",
"port": 25,
"useAuthentication": true,
"username": "[email protected]",
"userPassword": "[email protected]",
"useSSL": true,
"subject": "VBO Audit - %StartTime% — %OrganizationName% - %DisplayName% - %Action% - %InitiatedByUserName%
}

Make sure result is Response Code 200.

Final step is verify by perform recovery on VBO Server