First published on TECHNET on Aug 23, 2018 Hello All,
Continuing to look at Compliance and O365 Groups I wanted to look at the Audit log search in Security & Compliance, I’m sure we all realize how important it is to collect audit data so that you can answer questions about user or system actions.
So let’s look at what it means for O365:
Go to Security & Compliance portal
Expand Search & Investigation then select Audit Log Search
From the GUI you need to select the activities you want to report on which can cover many different services like File, Sway, and AAD to mention just a few and then each service has multiple activities like Delete, Create, etc.
As well you can select Start and end dates
If you know enough specifics you can narrow it down to users and files/folders
NOTE: Any information you can use to narrow down what you have to dig thru will be better for you.
The information that is provided to you will have all the info you expect, and what you do with that data is up to you. You can view that data in the GUI itself or you can export to a CSV file.
As well for those that love automation and development you can choose from:
PowerShell and using the cmdlet Search-UnifiedAuditLog which will return activities from all the services like Exchange, SharePoint, Teams, etc