Microsoft Stream 中的审核日志Audit logs in Microsoft Stream

您可以使用审核日志来监视和调查在 Stream 中执行的操作。You can use audit logs to monitor and investigate actions taken in Stream. 了解谁在为帮助组织满足法规遵从性和记录管理要求而在哪个项目上采取了关键措施。Knowing who is taking what action on which item can be critical in helping your organization meet regulatory compliance and records management requirements.

您可以按日期范围、用户、仪表板、报表、数据集和活动类型筛选审核数据。You can filter the audit data by date range, user, dashboard, report, dataset and activity type. 您还可以下载 CSV (逗号分隔值) 文件中的活动,以进行脱机分析并使用 PowerShell 搜索审核日志。You can also download the activities in a CSV (comma separated value) file to analyze offline and use PowerShell to search for audit logs.

流审核日志包含在 Microsoft 365 审核日志中:Stream audit logs are included in the Microsoft 365 audit logs:

  • 若要访问 microsoft 365 安全与合规中心的 "审核" 部分,您必须具有一个 Exchange Online 许可证 (包含在 Microsoft 365 企业版 E3 和 E5 订阅) 中。To access the auditing section of the Microsoft 365 Security and Compliance Center, you must have an Exchange Online license (included with Microsoft 365 Enterprise E3 and E5 subscriptions).

  • 您必须是 Microsoft 365 全局管理员或具有可提供对审核日志的访问权限的 Exchange 管理员角色。You must either be an Microsoft 365 Global Admin or have an Exchange admin role that provides access to the audit log.

  • Exchange 管理员角色通过 Exchange 管理中心进行控制。Exchange admin roles are controlled through the Exchange admin center. 有关详细信息,请参阅 Exchange Online 中的权限For more information, see Permissions in Exchange Online.

  • 如果您有权访问审核日志,但不是 Microsoft 365 全局管理员或流管理,则无法访问 Stream administration settings。If you have access to the audit log but are not an Microsoft 365 Global Admin or a Stream admin, you do not have access to the Stream admin settings. 在这种情况下,请使用指向 Microsoft 365 安全与合规中心审核日志的直接链接。In this case, use this direct link to the Microsoft 365 Security and Compliance Center audit log.

备注

若要在 Microsoft 365 租户中查看 Microsoft Stream 的审核日志,你的租户中至少需要一个 exchange 邮箱许可证。To view audit logs for Microsoft Stream in your Microsoft 365 tenant, you need at least one exchange mailbox license in your tenant.

  1. 转到 Microsoft 365 安全与合规中心审核日志Go to the Microsoft 365 Security and Compliance Center audit log.

  2. 在 "审核日志搜索" 页上,选择搜索条件。On the Audit log search page, select the criteria for the search.

    • 在 "搜索" 下的活动下拉 "" 中,选择流活动之一:视频活动组/通道活动常规活动In the drop down for Activities under Search, select one of the Stream activities: video activities, group / channel activities or general activities. 在选择框外的任意位置选择以将其关闭。Select anywhere outside of the selection box to close it.

      流审核日志菜单

    • 选择 " 开始日期 " 和 " 结束日期 " 字段中的日期。Select dates in the Start date and End date fields.

      默认情况下,选择最后七天。The last seven days are selected by default. 日期和时间将以协调世界时 (UTC) 格式显示。The date and time are presented in Coordinated Universal Time (UTC) format. 可指定的最大日期范围为 90 天。The maximum date range that you can specify is 90 days.

      备注

      用户应注意的信息即使 skimmingIf 您使用的最大日期范围为90天,请选择 "开始日期" 的当前时间。Information the user should notice even if skimmingIf you're using the maximum date range of 90 days, select the current time for the Start date. 否则,你将收到说明开始日期早于结束日期的错误消息。Otherwise, you'll receive an error saying that the start date is earlier than the end date. 如果你在过去 90 天内打开了审核,则最大日期范围不能从打开审核的日期之前开始。If you've turned on auditing within the last 90 days, the maximum date range can't start before the date that auditing was turned on.

    • 选择 " 用户" 中的特定用户。Select specific users in the Users. 使用用户登录到 Microsoft Stream 时使用的用户名。Use the username that they sign into Microsoft Stream with.

      流审核日志的搜索日期

  3. 单击"搜索"。Click Search. 一小段时间后,结果将显示在 " 结果" 下。After a short time the results are displayed under Results. 完成搜索后会显示找到的结果数。When the search is finished, the number of results found is displayed.

    查看流审核日志的搜索结果

    备注

    最多显示1000个事件;如果超过1000个事件符合搜索条件,则会显示最新的1000事件。A maximum of 1000 events are displayed; if more than 1000 events meet the search criteria, the newest 1000 events are displayed.

    结果中包含有关搜索返回的每个事件的以下信息。The results contain the following information about each event returned by the search.

    Column 定义Definition
    DateDate 在事件发生时) 的日期和时间 (UTC 格式。The date and time (in UTC format) when the event occurred.
    IP 地址IP address 记录活动时使用的设备的 IP 地址。The IP address of the device that was used when the activity was logged. IP 地址显示为 IPv4 或 IPv6 地址格式。The IP address is displayed in either an IPv4 or IPv6 address format.
    用户User 用户 (或服务帐户) 执行触发事件的操作。The user (or service account) who performed the action that triggered the event.
    活动Activity 用户执行的活动。The activity performed by the user. 此值对应于你在“活动”下拉列表中选定的活动。This value corresponds to the activities that you selected in the Activities drop down list.
    ItemItem 由于对应的活动而创建或修改的对象。The object that was created or modified because of the corresponding activity. 例如,已查看或修改的视频或已更新的用户帐户。For example, the video that was viewed or modified or the user account that was updated. 并非所有活动在此列中都具有值。Not all activities have a value in this column.
    详细信息Detail 有关活动的其他详细信息。Additional detail about an activity. 并非所有活动在此列中都具有值。Not all activities have a value in this column.

    备注

    选择 " 结果 " 下的列标题以对结果进行排序。Select a column header under Results to sort the results. 你可以将结果按从 A 到 Z 或从 Z 到 A 的顺序排序。单击“日期”标题以将结果按从旧到新或从新到旧的顺序排序。You can sort the results from A to Z or Z to A. Click the Date header to sort the results from oldest to newest or newest to oldest.

  4. 通过在搜索结果列表中选择事件记录来查看有关事件的详细信息。View details about an event by selecting the event record in the list of search results. 将显示 "详细信息" 页,其中包含事件记录中的详细属性。A details page is displayed that contains the detailed properties from the event record. 若要显示其他详细信息,请选择 " 详细信息"。To display additional details, select More information.

    下表提供了有关可能显示的详细信息。The following table provides details on that you may see displayed.

    参数Parameter 定义Definition
    ObjectIdObjectId EntityId (如果适用) \nVideoId \nGroupIdEntityId, if applicable \nVideoId \nGroupId
    资源标题Resource Title 这是实体的名称,例如视频标题、组名称等。This is the name of the entity such as Video Title, Group Name, etc.
    资源 URLResource URL 这是 Microsoft Stream 中 entity (video、group、信道) 的完整路径This is the complete path of the entity (video, group, channel) in Microsoft Stream
    操作Operation 有关操作列表,请参阅所记录的操作部分For list of operations refer the actions being logged section
    ClientIpClientIp 记录活动时使用的设备的 IP 地址。The IP address of the device that was used when the activity was logged. IP 地址显示为 IPv4 或 IPv6 地址格式。The IP address is displayed in either an IPv4 or IPv6 address format.
    OrganizationIdOrganizationId 这是你在 Microsoft Stream 中预配的租户的租户 idThis is the tenant id for your tenant provisioned in Microsoft Stream

流中记录的操作Actions logged in Stream

将记录以下操作。The following actions are logged.

操作名称Action Name 定义Definition
创建的视频Created video 已创建视频实体。Video entity has been created. 尚未上传任何视频。No video uploaded yet.
编辑的视频Edited video 视频元数据已编辑。Video metadata has been edited.
删除的视频Deleted video 已删除视频。Video has been deleted.
上传视频Uploaded video 已上载视频。Video has been uploaded.
下载的视频Downloaded video 视频下载发生。Video download happened.
编辑的视频权限Edited video permission 修改了视频权限Video permissions were modified
查看的视频Viewed video 已在 Stream portal 或通过嵌入查看视频A video has been viewed either in the Stream portal or via embed
共享视频Shared video 通过电子邮件共享的视频。Video shared via email.
喜欢的视频Liked video 组织中的用户赞了此视频A user in the organization liked this video
Unliked 视频Unliked video 用户 disliked 以前喜欢的视频A user disliked a video which he/she previously liked
对视频进行了注释Commented on video 对视频进行了注释A comment was made on a video
已删除视频注释Deleted video comment 已删除视频上的注释A comment on a video was deleted
上载的文本跟踪Uploaded text track 为视频上载了副标题文件A subtitle file was uploaded for a video
已删除的文本轨道Deleted text track 为视频删除了副标题文件A subtitle file was deleted for a video
上载的缩略图Uploaded thumbnail 为视频上载了自定义缩略图A custom thumbnail was uploaded for a video
删除的缩略图Deleted thumbnail 为视频删除了自定义缩略图Custom thumbnail was deleted for a video
链接在视频上Linked on Video 与 Microsoft 365 组关联的视频A video was associated with an Microsoft 365 Group
已创建组Created group Microsoft 365 组是通过 Microsoft Stream 创建的Microsoft 365 Group was created from Microsoft Stream
编辑过的组Edited group 已为 Microsoft 365 组更新元数据Metadata was updated for Microsoft 365 Group
已删除组Deleted group 已从 Microsoft Stream 中删除了 Microsoft 365 组An Microsoft 365 Group was deleted from Microsoft Stream
编辑的组成员身份Edited group memberships 已编辑 Microsoft 365 组权限Microsoft 365 Group permissions were edited
创建的频道Created channel 已创建新通道A new channel was created
编辑过的频道Edited channel 已编辑通道元数据Channel metadata was edited
已删除频道Deleted channel 频道已删除Channel was deleted
设置频道缩略图Set channel thumbnail 缩略图完成上载后记录Logged after thumbnails complete upload
登录Logon 登录到 Microsoft Stream 的用户User Logged in to Microsoft Stream
编辑过的用户设置Edited user settings 用户编辑了她的用户设置或其用户设置,如语言User edited her or his user settings such as language
编辑的租户设置Edited tenant settings 管理员更新了流管理中心中的设置Admin updated settings in the Stream admin center
编辑了全局角色分配Edited global role assignment 管理员对全局角色分配进行了更新,如添加/删除 stream admins、video uploaders 或频道创建者。Admin made updates to the global role assignments such as adding/removing stream admins, video uploaders or channel creators.

导出 Microsoft Stream 审核日志Export the Microsoft Stream audit log

  1. 若要将 Microsoft Stream 审核日志导出到 CSV 文件,请单击 " 导出结果"。To export the Microsoft Stream audit log to a CSV file, click Export results.

  2. 选择 " 保存加载的结果 " 或 " 下载所有结果"。Select either Save loaded results or Download all results.

    导出流审核日志

使用 PowerShell 搜索日志Use PowerShell to search the log

您可以使用 PowerShell 根据您的登录访问审核日志。You can use PowerShell to access the audit logs based on your login. 这是通过访问 Exchange Online 来完成的。This is done by accessing Exchange Online.

下面的示例展示了拉取 Microsoft Stream audit log 条目的命令:Here is an example of a command to pull Microsoft Stream audit log entries:

备注

若要使用 新的-PSSession 命令,你的帐户需要分配有 Exchange Online 许可证,并且你需要对租户的审核日志的访问权限。In order to use the New-PSSession command, your account needs to have an Exchange Online license assigned to it and you need access to the audit log for your tenant.

 Set-ExecutionPolicy RemoteSigned

 $UserCredential = Get-Credential

 $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

 Import-PSSession $Session
 Search-UnifiedAuditLog -StartDate 4/01/2018 -EndDate 5/03/2018 -RecordType MicrosoftStream -ResultSize 1000 | Format-Table | More

有关连接到 Exchange Online 的详细信息,请参阅 连接到 Exchange Online PowerShellFor more information about connecting to Exchange Online, see Connect to Exchange Online PowerShell.

有关参数和使用 UnifiedAuditLog 命令的详细信息,请参阅 UnifiedAuditLogFor more information about parameters and using the Search-UnifiedAuditLog command, see Search-UnifiedAuditLog.

另请参阅See also

如果你正在使用安全性和合规性,你可能会发现此信息非常有用。If you're working with security and compliance, you might find this information useful.