On Demand Audit

Streamline security, compliance and change auditing for hybrid Microsoft environments. Powered by Azure AI and Machine Learning, On Demand Audit enhances your ability to track all configuration, user, and administrator changes across AD, Entra ID, file servers, network-attached storage, Exchange Online, SharePoint Online, OneDrive for Business, and Teams. Using AI-driven insights, this SaaS Microsoft 365 auditing tool identifies critical patterns, highlights security vulnerabilities, and detects anomalous activity with precision and speed.

Try Online
Request Pricing
On Demand Audit
Overview Tech Specs Resources Support
Try Online
As you move more workloads to the Microsoft cloud, your reliance on Entra ID will increase, and so will the risk and complexity in securing your hybrid environment. Microsoft 365 and Entra ID security logs don’t provide consolidated views of on-premises and cloud activity, and system-provided tools do not make it easy to identify exploits, vulnerabilities, and suspicious activity. On Demand Audit streamlines and enhances Microsoft 365 auditing by combining on-premises threat prevention provided by Change Auditor with dynamic vulnerability assessment, automatic anomaly detection and contextual visualizations to mitigate costly attacks and accelerate security investigations.
Security dashboard
Critical asset protection
AI-powered anomaly detection
Remediate AD attack paths
Hybrid auditing
Flexible search
Alerts

Security vulnerability dashboard

Analyze event data from on-prem and Microsoft 365 workloads for a single view of security vulnerabilities and anomalous activity across your hybrid environment. This Microsoft 365 auditing tool allows you to be alerted to indicators of compromise (IOCs), including Kerberos exploits, offline extraction of the AD database, unauthorized domain replication, changes to sensitive groups and roles, as well as unusual spikes in sign-in failures, account lockouts and activity by external guest users. Accelerate investigations through contextual visualizations to detect and stop breaches before they wreak havoc in your network.

Critical asset protection

Through integration with SpecterOps BloodHound Enterprise, this Microsoft 365 auditing tool allows you to identify all critical Tier Zero assets and automatically monitor them for any suspicious activity indicating they’ve been compromised. 

AI-powered anomaly detection

Automatically analyze all activity from your on-prem AD, file servers, and network-attached storage, as well as Entra ID and Microsoft 365 workloads to detect anomalous surges in sensitive activity that could be indicative of an attack or compromise. Leverage Azure AI and Machine Learning to establish behavioral baselines and proactively identify deviations, such as suspicious increases in sign-in failures, account lockouts, permission changes, file renames, external guest activity, and files shared externally. AI-driven insights reduce false positives, highlight critical threats, and provide actionable data to mitigate risks before they escalate. Visualize anomalies in context to focus on true threats and accelerate your response.

Remediate AD attack paths

Identify all attack paths to your critical Tier Zero assets by integrating with SpecterOps BloodHound Enterprise. This Microsoft 365 auditing tool allows you to leverage On Demand Audit’s detailed user activity history to inspect attack path edges prior to removing access to the path – ensuring there are no unexpected consequences to the remediation.

Hybrid identity auditing

Search by both on premises and cloud identities, so you can find all user activity regardless of where the activity originated, leading to more thorough Microsoft 365 auditing. Through integration with Quest Change Auditor, on-premises AD activity is combined with cloud activity for a hybrid view of all user actions.

Responsive, flexible search

Slash investigation time with fast, intuitively built searches across tenants that deliver immediate results. This Microsoft 365 auditing tool simplifies your Microsoft 365 security audit by providing flexible searches on any event or any field, including by actor, changed attributes, activity details or cloud-only objects.

Real-time alerts on the move

Maintain constant visibility and respond from anywhere — and on any device —to vital policy changes and suspicious events, regardless whether they occur on premises or in the cloud. With On Demand Audit, you can send real-time Microsoft 365 auditing alerts to email and mobile devices to prompt immediate action, even while you're not on site.

That’s not all!

Interactive data visualizations

Transform millions of on-premises and Microsoft 365 audit events into interactive visual dashboards that help you simplify compliance reporting and investigate incidents faster.

Threat prevention

Integrate with Change Auditor to block attackers from lateral movement by stopping them from making changes to on-premises groups and GPOs or exfiltrating your AD database to steal credentials – regardless of the privileges they’ve hijacked.

360° security protection

From upfront vulnerability assessment to intrusion detection and monitoring of compromised accounts, Change Auditor has you covered at every step.

Normalized audit view

Unlike Microsoft 365 auditing using Microsoft-provided tools, On Demand Audit translates raw audit logs into a meaningful, normalized format. On Demand highlights the most important event details, including before and after values, so you can make quick decisions where your security is concerned.

Long-term storage

On Demand Audit stores audit history for up to 10 years at a fixed subscription price. This enables you to keep the audit data you need to satisfy security and compliance policies, without increasing your own Azure storage costs.

Granular, delegated access

In just a few clicks with On Demand Audit, you can give your security and compliance teams, help desk staff, IT managers and even external auditors and partners exactly the reports they need and nothing more. This Microsoft 365 auditing tool provides granular, delegated access to safely empower users to get the insights they need without making any configuration changes and or setting up additional infrastructure.

On-prem, cloud or hybrid? Quest has you covered!

For truly comprehensive Microsoft 365 auditing, upgrade to the On Demand Audit Hybrid Suite for Office 365, which includes On Demand Audit, Change Auditor for Active Directory and Change Auditor for Logon Activity. On Demand Audit consolidates and correlates Change Auditor’s in-depth, high-fidelity on-prem audit data together with cloud activity from Azure AD and Microsoft 365 workloads to get a single, hosted view of all changes across your hybrid environment.

Screenshot Tour

Security vulnerability dashboard
Critical asset protection
Automated anomaly detection
Interactive visualizations
Normalized audit view
Active Directory auditing
On-premises logon activity
On-premises file auditing
Azure AD auditing
Azure AD sign-ins
Teams auditing
Exchange Online auditing

Security vulnerability dashboard

Analyze event data from on-prem and Office 365 workloads for a single view of security vulnerabilities and anomalous activity across your hybrid environment.

Critical asset protection

Through integration with SpecterOps BloodHound Enterprise, identify all critical Tier Zero assets and automatically monitor them for any suspicious activity indicating they’ve been compromised.

Automated anomaly detection

Automatically analyze all activity from your on-prem AD, authentications, file servers and network-attached storage as well as Azure AD and Office 365 workloads to detect anomalous surges in sensitive activity that could be indicative of attack or compromise.

Interactive visualizations

Quickly investigate and act upon potential threats by summarizing and filtering millions of events in simple, interactive dashboards that you build on-the-fly.

Normalized audit view

Get the most important event details from every on-prem and cloud change, including before and after values, so you can quickly make sense of your Office 365 security audit logs.

Active Directory auditing

Integrate with Change Auditor for Active Directory easily in a few clicks to get a single, hosted view of all AD, Azure AD and Office 365 activity together, for truly comprehensive Office 365 auditing.

On-premises logon activity

Integrate with Change Auditor for Logon Activity in a few clicks to view all AD logons/logoffs, Azure AD sign-ins and Office 365 activity together.

On-premises file auditing

Integrate with Change Auditor for Logon Activity in a few clicks to view all AD logons/logoffs, Azure AD sign-ins and Office 365 activity together.

Azure AD auditing

Get real-time auditing and alerting on all configuration, user and administrator changes made across Azure AD.

Azure AD sign-ins

Track all successful and failed Azure AD sign-in events. Visualize and filter by user and application.

Teams auditing

Audit and alert on critical events such as configuration and setting changes, guest user activity and when new Teams or channels are created – a must for thorough Office 365 auditing.

Exchange Online auditing

Get a single view of all Exchange Online mailbox activity, including email forwarding, non-owner mailbox access and more.

Why Quest On Demand?

Fast, easy setup

Onboard with ease. Start auditing in minutes. No installation, no upgrades, no complex configuration — no sweat!

Secure and reliable SaaS

Quest On Demand delivers the security standards, service level and scalability that you need, backed by award-winning, global support ready to help you 24/7/365.

Rapid innovation

We keep pace with Microsoft updates so you don’t have to. Automatic updates deliver new features and security patches quickly and without any effort on your part.

 

ISO certifications

Quest On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certification.

Specifications

Available in the following Microsoft Azure regions:

  • Australia
  • Canada
  • North Europe
  • United Kingdom
  • United States

The following web browsers are supported with On Demand:

  • Internet Explorer 11
  • Microsoft Edge
  • Google Chrome (latest version)
  • Mozilla Firefox (latest version)

On Demand Audit supports integration with Change Auditor version 7.0.3 or later.

Industry recognition

See why Singapore Business Review named On Demand Audit a 2020 Technology Excellence Award winner.

1444

Blogs

The top activities to track when auditing Active Directory 

Learn why auditing Active Directory is vital to security and business continuity, and what types of activity to track.

Ian Lindsay

Understanding Azure AD Sync: An overview of Azure AD Connect Sync and Cloud Sync 

Learn about Azure AD sync, the difference between Connect and Cloud Connect sync and security factors to consider.

Susan Bradley

8 cybersecurity predictions for 2025 

Check out our top cybersecurity predictions for 2025 to better prepare your organization for the year ahead.

Jennifer LuPiba

Defending your organization before, during and after a cyberattack 

Discover key considerations and the essential steps to take before, during, and after a cyberattack to minimize its impact.

Matthew Vinton

Why IAM leaders must prioritize Identity Threat Detection and Response in 2024  

Learn why IAM and security leaders must prioritize identity threat detection and response (ITDR) in 2024 and what that they should be focused on.

Richard Dean

What you need to know about Identity Threat Detection and Response (ITDR) 

Learn how ITDR encompasses threat intelligence, its best practices and which tools to use for protecting identity systems.

Matthew Vinton

    Get started now

    Streamline security and compliance auditing of your hybrid Microsoft environment
    Try Online
    Request Pricing

    Support and services

    Product Support
    Self-service tools will help you to install, configure and troubleshoot your product.

    Support Offerings
    Find the right level of support to accommodate the unique needs of your organization.