Admin App and Auditing SharePoint App Principal

Occasional Visitor

Is it possible to audit what activites are being performed by apps registered in ACS as SharePoint Addins using the audit logs.  I have a few apps with tenant admin rights and trying to keep track of everything from an audit perspective.   I tried searching for the clientid as a user with no luck.  @Vesa Juvonen

2 Replies

I don't think these are unfortunately logged properly, but not 100% sure on this, so could be wrong as well.

Are these being logged to the audit log yet? 


In trying to document development guidelines for our organization, it seems to make sense to use app principals and not real AD accounts.  No license required in O365 for this type of access.  These are for processes like batch programs that need to read/write data in SharePoint Online.  So these are just scheduled and run as typical batch scripts.


After doing some digging and this post confirms, these operations are not audited anywhere.  In my opinion, this is a huge gap for these types of principals.  In the event that one of our devs leaves the company, we need to generate a new secret for each principal they may have had access to.  If the secrets aren't regenerated, that dev would still have access to our system as there doesn't seem to be any controls available to lock these down.


Right now I'm leaning towards using application accounts that live in our AD and providing the minimum license required for the mangement of content via the APIs.  At least through this method, operations are logged in the audit log and we can control where these accounts can be used from (i.e. network location) via our identity system.


Any updates on managing these app principals from Microsoft??