What role does a user need to have in order to use the Audit log search?

Brass Contributor

Hi,

 

What role does a user need to have in order to use the Audit log search?

 

See attached..

Capture.PNG

Thank you for your time,

Ollie

audit log search.jpg

 

3 Replies

@Oliver McErlane 

You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Note global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. For more information, see Manage role groups in Exchange Online.

@RuudGijsbers Is this the same for SharePoint? I don't want to give them permissions to search Exchange?

@Oliver McErlane as far as I know, you can't differentiate between the different services. If you have permission to search the admin audit log, you can search all services.