cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Audit Log for Files or Folders that were deleted more than 6 months

Chung-Cheng Yu
Brass Contributor

‎Jul 16 2023 09:04 PM

‎Jul 16 2023 09:04 PM

Audit Log for Files or Folders that were deleted more than 6 months

Recently we have a few users reached out and inquired if IT can identify folders or files that were deleted more than 6 months ago (These files and folders are gone from the 2nd stage recycle bin).

 

We’ve attempted to use the Audit feature in M365 Defender module (formally known as Security & Compliance) but since these objects was recycled more than 6 months ago, the Audit service is unable to retrieve any information. We've also attempted to reach out MS Support (standard Support since we don't have any premium support plan) and hope they have other tools that can help us identifying when these objects was recycled from the Document library but no luck either.

 

At this point we are unsure what other approach we could take so any suggestions are welcome and much appreciated!

1,954 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Chung-Cheng Yu (Brass Contributor)
NikolinoDE

‎Jul 17 2023 01:23 AM

‎Jul 17 2023 01:23 AM

Solution

Re: Audit Log for Files or Folders that were deleted more than 6 months

@Chung-Cheng Yu 

When files or folders have been deleted more than 6 months ago and are no longer available in the second-stage recycle bin, it can be challenging to retrieve the audit log information using the built-in features in Microsoft 365. However, there are a few potential approaches you can consider:

  1. SharePoint Online Recycle Bin: Check if the files or folders are still available in the SharePoint Online Recycle Bin. Although you mentioned they are not in the second-stage recycle bin, it is worth double-checking the first-stage recycle bin to see if any items were retained there.
  2. Third-Party Backup Solutions: If you have implemented third-party backup solutions for your SharePoint Online environment, check if they retain backup data for a longer period. These solutions may provide the ability to restore files or folders that were deleted beyond the normal retention period.
  3. Data Recovery Services: Consider engaging data recovery services that specialize in SharePoint Online. They may have advanced tools and techniques to recover deleted files or folders from the underlying storage infrastructure. Keep in mind that this option can be costly and success cannot be guaranteed.
  4. Compliance Center or Audit Log Search: Although you mentioned that the Audit feature in Microsoft 365 Defender is unable to retrieve the information, you can still try using the Compliance Center (formerly known as Security & Compliance Center) or the Audit Log Search feature in SharePoint Online. These tools provide more advanced search capabilities and may be able to retrieve audit log data beyond the 6-month limitation. However, it is important to note that the availability of data in the audit logs depends on the specific configuration and retention settings in your organization.

It is important to note that the availability and success of these approaches can vary depending on your specific environment, configurations, and retention policies. The text and the steps are the result of various AI's put together.

 

My answers are voluntary and without guarantee!

 

Hope this will help you.

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Chung-Cheng Yu (Brass Contributor)
NikolinoDE

‎Jul 17 2023 01:23 AM

‎Jul 17 2023 01:23 AM

Solution

Re: Audit Log for Files or Folders that were deleted more than 6 months

@Chung-Cheng Yu 

When files or folders have been deleted more than 6 months ago and are no longer available in the second-stage recycle bin, it can be challenging to retrieve the audit log information using the built-in features in Microsoft 365. However, there are a few potential approaches you can consider:

  1. SharePoint Online Recycle Bin: Check if the files or folders are still available in the SharePoint Online Recycle Bin. Although you mentioned they are not in the second-stage recycle bin, it is worth double-checking the first-stage recycle bin to see if any items were retained there.
  2. Third-Party Backup Solutions: If you have implemented third-party backup solutions for your SharePoint Online environment, check if they retain backup data for a longer period. These solutions may provide the ability to restore files or folders that were deleted beyond the normal retention period.
  3. Data Recovery Services: Consider engaging data recovery services that specialize in SharePoint Online. They may have advanced tools and techniques to recover deleted files or folders from the underlying storage infrastructure. Keep in mind that this option can be costly and success cannot be guaranteed.
  4. Compliance Center or Audit Log Search: Although you mentioned that the Audit feature in Microsoft 365 Defender is unable to retrieve the information, you can still try using the Compliance Center (formerly known as Security & Compliance Center) or the Audit Log Search feature in SharePoint Online. These tools provide more advanced search capabilities and may be able to retrieve audit log data beyond the 6-month limitation. However, it is important to note that the availability of data in the audit logs depends on the specific configuration and retention settings in your organization.

It is important to note that the availability and success of these approaches can vary depending on your specific environment, configurations, and retention policies. The text and the steps are the result of various AI's put together.

 

My answers are voluntary and without guarantee!

 

Hope this will help you.

View solution in original post

1 Like
Reply