Microsoft 365 Administration
Total Administrative Transparency via Immutable Auditing
Continuous accountability and real-time verification of administrative boundaries.
This document describes SoftSol’s administrative transparency model for your Microsoft 365 environment. We maintain efficient, standing administrative access to manage your tenant effectively — and every single administrative action we take is permanently, immutably recorded and available for your compliance team to review at any time, in a log that neither we nor anyone else can alter or delete.
The Digital Footprint — Every Action Logged, Always
Microsoft 365 maintains a comprehensive, platform-level audit log in Microsoft Purview Audit for all administrative activity within your tenant. This is not an optional feature or a SoftSol addition — it is a core, built-in capability of the Microsoft 365 platform that cannot be disabled by any party, including SoftSol.
What this means in practice: it is technically impossible for an administrative account to perform any of the following actions without generating a permanent, timestamped, identity-attributed log entry:
- Add-MailboxPermission
Each log entry captures the exact time (UTC), the UPN of the admin account that performed the action, the target object, and the specific operation code. These records are retained for a minimum of 180 days under standard licensing and up to 10 years under Microsoft Purview Audit (Premium).
Real-Time Alerting to Your Management Team
A comprehensive audit log only provides value if the right people are notified in real time when sensitive actions occur — not after the fact during a quarterly review. We configure Microsoft Purview alert policies in your tenant to dispatch immediate notifications to your named management team members when any of the following events are triggered by any administrative account, including SoftSol’s:
- Mailbox permission grant — any Add-MailboxPermission operation generates an immediate alert with the admin identity, target mailbox, and permission level granted.
- eDiscovery search initiated — any new compliance search or content export triggers an alert before results are accessed, giving your team the opportunity to query the action in real time.
- Privileged role assignment — any change to Global Admin, Exchange Admin, or other high-privilege roles in the directory triggers immediate notification to your designated security contact.
- Mass file download or export — anomalous bulk access to SharePoint or OneDrive files from an administrative account generates an alert for your review.
Your team receives alerts via email — or optionally via webhook into your preferred notification channel — with enough detail to immediately assess the action and contact SoftSol for clarification if needed.
External Log Streaming — Tamper-Evident Third-Party Repository
Microsoft Purview’s native audit log provides a strong baseline, but it resides within the Microsoft 365 tenant itself. To provide your organisation with a completely independent and unalterable record, we configure continuous streaming of your audit logs to an external Security Information and Event Management (SIEM) repository.
This external repository is configured as read-only and append-only. Once a log event is written to it, it cannot be modified, overwritten, or deleted — by SoftSol, by your own administrators, or by any third party. The repository is physically and logically separate from your Microsoft 365 tenant and from SoftSol’s own infrastructure.
What your compliance officers receive:
- A continuous, real-time feed of all Microsoft 365 administrative audit events into an independent repository
- Read access to query the repository directly — no dependency on SoftSol to pull reports
- Log integrity verification — each event is hashed on ingestion, providing mathematical proof that records have not been tampered with
- Exportable reports in standard formats accepted by ISO 27001 auditors, cyber-insurance assessors, and POPIA compliance reviewers
This architecture means that even in the most adversarial scenario — where SoftSol itself were somehow compromised, or where a dispute arose about what actions were or were not taken — your organisation holds a cryptographically verifiable, third-party record of the complete administrative history of your Microsoft 365 environment. It is not our word against yours. The record speaks for itself.
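How a compliance reviewer could check hash-on-ingestion records, shown as an added example that is not SoftSol's implementation. It goes one step beyond per-event hashing by linking each hash to the previous one, so deleted or reordered events are detected as well as edited ones. SHA-256, the JSON canonicalisation, the record field names and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # anchor value that precedes the first event

def event_digest(prev_hash, event):
    """SHA-256 over the previous link plus a canonical JSON form of the event."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()

def ingest(store, event):
    """Append an event with its chained hash and return the new head hash."""
    prev = store[-1]["hash"] if store else GENESIS
    digest = event_digest(prev, event)
    store.append({"event": dict(event), "hash": digest})
    return digest

def verify(store, expected_head):
    """Return (ok, index of first bad entry).

    expected_head is the head hash the reviewer recorded outside the
    repository; without it, removal of the newest entries goes unnoticed.
    """
    prev = GENESIS
    for i, entry in enumerate(store):
        if event_digest(prev, entry["event"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    if prev != expected_head:
        return False, len(store)
    return True, None

# Constructed sample events; field names and values are illustrative only.
SAMPLE_EVENTS = [
    {"CreationTime": "2024-01-01T08:00:00Z", "UserId": "admin@msp.example",
     "Operation": "Add-MailboxPermission", "ObjectId": "ceo@client.example"},
    {"CreationTime": "2024-01-01T08:05:00Z", "UserId": "admin@msp.example",
     "Operation": "Add-MailboxPermission", "ObjectId": "cfo@client.example"},
    {"CreationTime": "2024-01-01T08:09:00Z", "UserId": "it@client.example",
     "Operation": "Add-MailboxPermission", "ObjectId": "hr@client.example"},
]

def build_sample():
    """Ingest the sample events and return (store, head hash)."""
    store, head = [], GENESIS
    for event in SAMPLE_EVENTS:
        head = ingest(store, event)
    return store, head
```

The head hash only protects the record if it is kept somewhere the repository operator cannot rewrite, such as the compliance team's own files.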
What this means for your organisation
- ✓ Complete administrative accountability. Every action taken in your tenant by any administrative account — ours or yours — is permanently and immutably logged.
- ✓ Real-time visibility. Your management team is alerted immediately when sensitive administrative operations occur, giving you the ability to query or escalate in real time.
- ✓ An independent record you own. The external log repository is yours. SoftSol cannot alter, delete, or withhold it. Your compliance officers access it directly.
- ✓ Compliance-ready documentation. The log format and integrity verification meet the evidentiary standards required by ISO 27001, POPIA, PCI-DSS, and most cyber-insurance policies.
Full Implementation Agreement
M365 Immutable Audit & Transparency Agreement
The complete technical specification and client agreement for Framework B — covering the full streaming architecture, alert policy table, implementation checklist, compliance alignment, and signature blocks. Viewable online, printable, and ready to sign.
Formal Documentation
Administrative Access Rights Statement
A formal document listing every GDAP role SoftSol holds, precisely what each role permits, and what it explicitly cannot access — suitable for your compliance records, governance team, or insurer.
Questions about this transparency model?
Contact SoftSol to discuss the SIEM configuration, the alert policy scope, or to request a sample audit report for review by your compliance team or insurer.