Forum Discussion
Audit of permission changes for SharePoint folder
Hi all,
trying to find a way to audit who has added users internally to some critical sharepoint folders. Trying via MS Purview > Audit, but no luck so far. Anyone could advise what exactly do I need to search for? (particular friendly activity for example). I’ve tried with no activities selected (so assume all are included) and specified Folder and set Workloads > SharePoint. However, it does not seem to return any permission changes… only events like file/folder access, creation, etc…
any idea?
We use have M365 E3 and M365 E5 Security subscriptions
2 Replies
Ensure that audit logging is enabled before the permission changes occurred. Events are not logged retroactively.
Go to Microsoft Purview > Audit
> - Audit Search
Set the following parameters
Activities: Select the following
Added or updated permissions
Shared file, folder, or site
Changed sharing permissions
Workloads: Choose SharePoint.
Folder: Specify the critical folder path (if known).
Date Range: Specify a time frame for when the changes might have occurred.
Thanks a lot!
I can see only "Shared file, folder, or site". There are lots for permission changes but linked to either site or group.
I've tested this one and looks I can see what I was looking for....So thanks a lot! However, I only have 180 days of logs. Wondering if there is a way to extend retention of these logs somehow, or I need to upgrade to E5.
