What's going on with Auditing in O365
Recently was working with a customer and looking at Audit data, it surprised me when I discovered that they were looking at the audit logs in the Site Settings instead of in the Security & Compliance portal.
If you didn't realize the Security & Compliance portal has been receiving a ton of updates in the last few quarters and has definitely been a focus. The great thing is that you can view your Audit data for all the services from the one portal instead of having to go to different places this includes Exchange (Admin by default, mailbox can be turned on), SharePoint, Teams, AAD, Yammer, Stream, and many more.
Here are the steps to access it:
- Go to https://protection.office.com
- Click on ‘Search & Investigation’ then ‘Audit log search’
- After that you can search audit logs from many different apps like SPO, OneDrive, etc in the same GUI
- Filter on Activities, Dates, Users
- Filter on file name, folder name or Site url
As well, if you want you can create an alert policy that you can have sent to a particular user based on some limited but powerful filtering.
Another advantage to this portal is that they have provided the descriptions your looking for https://support.office.com/en-us/article/search-the-audit-log-in-the-office-365-security-compliance-center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US#view