Access to SharePoint Audit logs

%3CLINGO-SUB%20id%3D%22lingo-sub-1684103%22%20slang%3D%22en-US%22%3EAccess%20to%20SharePoint%20Audit%20logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1684103%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20requirement%20to%20give%20someone%20who%20deals%20with%20document%20management%20access%20to%20the%20audit%20logs%20for%20SharePoint%20via%20%22Office%20365%20Security%20%26amp%3B%20Compliance%22%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fprotection.office.com%2Funifiedauditlog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fprotection.office.com%2Funifiedauditlog%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20want%20to%20add%20them%20to%20the%26nbsp%3B%3CSTRONG%3ESite%20Collection%20Administrators%3C%2FSTRONG%3E%20group%20as%20I%20don't%20want%20to%20give%20them%20access%20to%20the%20audit%20logs%20for%20all%20Office365%20applications%20..%20exchange%2C%20teams%2C%20SharePoint%20%2C%20yammer%20etc.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20best%20practice%20or%20what%20would%20be%20the%20best%20way%20to%20do%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20time%2C%3CBR%20%2F%3EOllie%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1684103%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAdmin%20center%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Administration%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1684261%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20to%20SharePoint%20Audit%20logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1684261%22%20slang%3D%22en-US%22%3ETo%20access%20the%20Audit%20Log%20Search%20feature%20is%20not%20required%20to%20be%20a%20SharePoint%20Admin%2C%20but%20of%20course%20you%20need%20a%20role%20to%20be%20able%20to%20use%20the%20Audit%20Log%20Search.%20Take%20a%20look%20at%20the%20Microsoft%20365%20roles%20to%20decide%20which%20role%20you%20should%20assign%20following%20the%20least%20privilege%20approach%3C%2FLINGO-BODY%3E
Contributor

Hi,

 

I have a requirement to give someone who deals with document management access to the audit logs for SharePoint via "Office 365 Security & Compliance"

https://protection.office.com/unifiedauditlog

 

I don't want to add them to the Site Collection Administrators group as I don't want to give them access to the audit logs for all Office365 applications .. exchange, teams, SharePoint , yammer etc. 

 

Is there a best practice or what would be the best way to do this?

 

Thank you for your time,
Ollie 

2 Replies
To access the Audit Log Search feature is not required to be a SharePoint Admin, but of course you need a role to be able to use the Audit Log Search. Take a look at the Microsoft 365 roles to decide which role you should assign following the least privilege approach

Access to the unified audit log in the SCC is "all or nothing" I'm afraid.