O365 Groups Tidbit - Compliance in O365 Groups (Audit log search)

Hello All,

Continuing to look at compliance and O365 Groups, I wanted to look at the Audit log search in Security & Compliance. I’m sure we all realize how important it is to collect audit data so that you can answer questions about user or system actions.

So let’s look at what it means for O365:

  1. Go to the Security & Compliance portal
  2. Expand Search & Investigation, then select Audit Log Search
  3. From the GUI, select the activities you want to report on. These cover many different services, such as File, Sway, and AAD to mention just a few, and each service has multiple activities such as Delete, Create, etc.
  4. You can also select start and end dates
  5. If you know enough specifics, you can narrow the search down to users and files/folders

NOTE: Any information you can use to narrow down what you have to dig through will be better for you.

The information that is provided to you will have all the info you expect, and what you do with that data is up to you. You can view that data in the GUI itself or you can export to a CSV file.

For those who love automation and development, you can also choose from:

PowerShell: use the cmdlet Search-UnifiedAuditLog, which returns activities from all the services like Exchange, SharePoint, Teams, etc.

Graph API: use the Management Activity API to return audit data and work with it using features like pagination, etc.
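The GUI search steps above, done with Search-UnifiedAuditLog and exported to CSV, as an added example that is not from the original post. It assumes the ExchangeOnlineManagement module for the connection; the user address, the chosen operations, the session name and the output path are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and the
# signed-in account has permission to search the audit log.
Connect-ExchangeOnline

# Same filters the GUI offers: activities, date range, user (all values are placeholders).
$query = @{
    StartDate      = (Get-Date).AddDays(-7)
    EndDate        = Get-Date
    RecordType     = 'SharePointFileOperation'
    Operations     = 'FileDeleted', 'FileUploaded'
    UserIds        = 'user@contoso.example'
    SessionId      = "AuditExport-$([guid]::NewGuid())"   # ties the pages together
    SessionCommand = 'ReturnLargeSet'                     # paged, unsorted result set
    ResultSize     = 5000                                 # maximum per call
}

# Call repeatedly with the same SessionId until a call returns nothing.
$records = [System.Collections.Generic.List[object]]::new()
do {
    $page = @(Search-UnifiedAuditLog @query)
    foreach ($r in $page) { $records.Add($r) }
} while ($page.Count -gt 0)

# The detail of each event is a JSON string in AuditData; flatten the common fields.
$rows = $records |
    Sort-Object Identity -Unique |    # defensive: drop any repeated records
    ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            CreationDate = $_.CreationDate
            User         = $_.UserIds
            Operation    = $_.Operations
            Workload     = $d.Workload
            ObjectId     = $d.ObjectId
            ClientIP     = $d.ClientIP
        }
    }

# Large-set results come back unsorted, so order by time before exporting.
$rows | Sort-Object CreationDate |
    Export-Csv -Path .\audit-export.csv -NoTypeInformation
"{0} audit records exported" -f @($rows).Count
```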

Pax