Forum Discussion
Onedrive audit log when admin logs into user account - what's expected behaviour?
Just correcting this as in light of new information. After another look at this, I can in fact see the name of the admin granting themselves access. I don't know how I missed this the first time around, nor how my colleague did who also tested it for me. Did we both miss it, or did MS change something? Who knows.
In the audit log under more information there's a clear and obvious box that shows the admin name. Whilst setting alerts on this is clunky because it comes through as app@sharepoint, at least you can manually investigate and get a name.
Right, makes sense that the O365 Admin center devs will mess things up, as usual :) I'm guessing they are doing some behind the scenes mumbo jumbo that ends up executing the request in the context of the SPO system account.
Anyway, best way to report this is via the Feedback page on the O365 Admin center, or via support case. I'll see if I can find anyone on MS side to ping about this in the meantime.
Just correcting this as in light of new information. After another look at this, I can in fact see the name of the admin granting themselves access. I don't know how I missed this the first time around, nor how my colleague did who also tested it for me. Did we both miss it, or did MS change something? Who knows.
In the audit log under more information there's a clear and obvious box that shows the admin name. Whilst setting alerts on this is clunky because it comes through as app@sharepoint, at least you can manually investigate and get a name.
I agree, it's a given admin that pressed the button/link, so this should be correctly reflected in the audit log.