07-05-2018 12:49 PM
07-05-2018 12:49 PM
Is Office 365 Unified Audit logs just a duplication of SharePoint online site collection audit logs ?
If yes is it okay to turn off SharePoint Oniline site collection audit logs ?
If no what are the benefits of having them both turned on ?
07-05-2018 01:16 PM
07-05-2018 01:52 PM
Thank you Juan for quick response.
I agree that office 365 audit logs provide much more than sharepoint, because it covers exchange and other office 365 products.
By turning off SPO audit logs, I will still be able to pull all the logs related to SPO(that were being covered under SPO audit logs) through office 365 audit logs am I right ?
07-07-2018 03:00 PMSolution
The thing about the Office 365 audit logs is that any entries ingested from a workload, like SharePoint, are normalized based on a known schema. This means that the information captured in the audit log from SharePoint is the same as you'd get from SharePoint, but it's in a common format that makes it easy to match SPO data with other workloads.
07-11-2018 01:27 AM
There is some benefit, Some events will not be captured unless you specifically turned on auditing for that site collection. Here are those events,
For Documents and Items,
Checking out or checking in items
Moving or copying items to another location in the site
Deleting or restoring items
Editing content types and columns
Searching site content
Editing users and permissions
07-11-2018 10:04 AM
Is the audit log feature only available for non-group enabled site collections? I looked at https://support.office.com/en-us/article/view-audit-log-reports-b37c5869-1b47-4a82-a30d-ea20070fe527 and can certainly configure audit log settings, but I don't see any audit log reports option under site settings. The set of events look very similar to what is pumped into the Office 365 audit log by SharePoint, which is the most verbose of all the apps...
07-11-2018 10:58 AM
I think @Christophe Fiessinger or any other of the Groups guys are the only ones that can tell us why the Audit Log Reports link is missing in the site settings page in a Group site
07-11-2018 11:00 AM
However, let me also make the observation that when a choice exists between a workload-dependent feature and an equivalent feature that works across workloads, I would always take the latter. The reason is that we deal with Office 365 rather than a workload, and Microsoft's efforts inside Office 365 always focus on features that work across the service rather than are specific to a workload (like SharePoint).
07-12-2018 06:40 PM
09-12-2018 05:32 AM
@St William, i could find some of the events you mentioned, here:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-c... . Did you find this from your testing or is there any documentation underlining the fact that some events are captured in the O365 logs ONLY if SPO audit logging is also enabled?