Forum Discussion

John Olszewski's avatar
John Olszewski
Copper Contributor
Nov 08, 2018

"Used secure link" O365 audit log activity

I have an O365 audit logging requirement from our business where they want to know if a link to a file that was shared in either OneDrive for Business or SharePoint Online was actually opened by the ...
John Olszewski's avatar
John Olszewski
Copper Contributor
Nov 08, 2018

VasilMichev, correct....From everything I read, the two action registrations in the audit log that were in my original post will be triggered when a recipient uses a link.  But I can't get from the Microsoft documentation what level of data goes along with these events in the log.  So I would need to know that one of those two "link used" actions was triggered, but also who did it and when.  It's not clear to me how to get the "who did it, and when" part of it from the logs.

VasilMichev's avatar
VasilMichev
MVP
Nov 08, 2018

The trouble with the "who" part is that this might be an anonymous link, or one not tied in to any Azure AD user object, thus there might not be a way for O365 to report who accessed the file. TBH, I haven't actually bothered to check what's audited in such scenario, I'm just thinking aloud here. But since it's fairly easy to test, I'll give it a go and see what I can dig out.