An Office 365 Auditing Tool is one of the most important elements in your SharePoint (Office 365) Security System. It lets your Office 365 platform maintain its rich collaboration features while ensuring high security while we manage the content, share, and collaborate on them.
SharePoint or Microsoft Office 365 has been the major content management and collaboration platform for a large fraction of enterprises and SMEs for the longest period of time. As the Office 365 data and users grow, security and compliance take up the major priority in order to ensure data consistency, integrity, and security. SharePoint Security Manager or Office 365 security audit tool seems to be our go-to feature in such cases.
As a part of the compliance and Office 365 auditing tool, SharePoint provides Audit log reports that allow you to know who is accessing which SharePoint sites, lists, libraries, list items, and files in Site collections. You can also get a detailed report of the user actions. This report clearly logs all the user activities alongside the timestamps when the action is performed, which can assist you to simply sort, filter, and analyze the changes and effectively audit your entire SharePoint content.
For example, if a user shares the organization’s private content with external users, tampered with or deleted some important files, or granted some high privileges to some users who aren’t entitled to it, every sort of these actions are often tracked using audit reports. Without audit reports, it’s very difficult to seek out what and who made the changes to the content. SharePoint Audit log reports can let you seek these user activities and fix any undesired changes easily.
SharePoint Audit logs from Office 365 auditing tool
SharePoint audit logs are one of the most sought-after features of the Office 365 auditing tool. Now, as we are gearing up to generate the SharePoint audit log reports, we must have the audit settings for a site collection configured beforehand.
Set up the SharePoint Servers
- Go to the SharePoint Central Administration
- In the Application Management section: click on “manage service applications”
- Select the ‘secure store service’ application
- Click on ‘properties’
- In the ‘enable audit’ section: select the audit log enabled box
- To change the days count that the entries are going to be purged from the audit log file, specify the days within the ‘Days until Purge’ field – where the default value is 30 days.
- Click OK.
Office 365 Online
- At the admin center, select “Security & Compliance”
- In the Compliance Center, expand the “Search”
- Click on the audit log search
- In the upper left corner, click on the Start recording user and admin activities link
Events available for Audit log reports
- Opened and downloaded documents, viewed items in lists, or viewed item properties (This event is not available for SharePoint Online sites)
- Edited items
- Checked out and checked in items
- Items that have been moved and copied to other locations in the site collection
- Deleted and restored items
- Content types and columns changes
- Search queries
- User accounts and permissions changes
- Deleted audit log events and Changed audit settings
- Workflow events
- Custom events
Generating an Audit Log Report
A site collection administrator can view Audit log reports
- Go to site settings
- Under Site Collection Administration section, click Audit log reports.
- Choose proper report type
- Choose the location where to save the report.
- For the Customized report
- Choose the Date Range to which the activities report should be restricted to (optional)
- Choose to which user this report should be restricted to (Optional)
- Choose the events you want this report should be restricted to. If not selected, the report will include all the events.
- Click OK
Audit log reports usages
By utilizing this Office 365 Audit Log report and using the pivot tables in the excel sheets, we can create and track the actions and activities details from the previously mentioned exercises.
The following are a portion of the analysis of the user report that can be inferred utilizing these audit reports.
Office 365 Security Reports : Tracking user activities
1. Office 365 User activity
By utilizing an audit report, we can track who is performing which activity on the Microsoft Office 365 objects and can thus generate the total number of activities, they performed on the site.
For instance, from the User Id and Events sections in the Audit report, we can extract the report of who performed which activity on SharePoint. In light of this, we can also know who is the most active and engaged employee or client and who is gradually managing or accessing the site content.
2. User Activity Log
By utilizing an Office 365 auditing report tool, we can track who is accessing to more and who is accessing less along with the details of the activities with time. We can thus generate the user reports and the access count.
3.Last usage Report: Site Collection/Site/List/Library/Document/Folder/Item
By utilizing the audit report, get a list of the events that happened in a month or a day. Depending upon this, we can track the last date of usage of site collection/site/list/library/document/folder/item/record.
By gathering the Document area and sort by the Occurred date section, we can get the file details for the record like when it was last altered or accessed.
Access & Permission Management
The audit log reports can let you know the details of who gave access to whom on list/library/document/ site.
For instance, based on Event type as “Security Group Create”, “Security Role Definition Create” we can get the following.
By using the audit log reports, we can know who was given access to whom on list/library/document/ site.
For example, based on Event type as “Security Group Delete”, “Security Role Definition Delete” we can get the information about who removed access from the list/library/site/document/ file/ item for whom.
Search frequency of query
By using the audit log reports, we can get the frequent search terms, and the sites in which the search was performed.
For example, Based on Event Type ‘Search’ we can get the most searched query on the site collection/sites/lists/libraries.
Most viewed document/item/folder
The historical usage information of the document/item/folder can be easily drawn with the help of Audit log reports. We can then track to get more specific information by filtering these events.
For example, by filtering the document location and by filtering on the basis of date of occurrence, we can get the count of the times a particular document was accessed. With help of Event type, we can get the most viewed/updated documents.
Most viewed documents by the users
With help of Audit log reports, we can know historical usage information of the document /item /folder per-user level. For specific documents, we can see individual user counts. So, we can track who is frequently accessing the same information.
For Example, with the help of filters on User Id and document location columns, and by counting occurred date, we can get the document accessed count by user wise and With the help of Event type, we can get the most viewed/updated documents.
We can filter, sort or generate numerous sorts of actions or usage reports of Office 365 security. In any case, one thing to note here is, if the audit data is extremely enormous, SharePoint would give them in an alternate excel sheet which would bring about substantially more complexity to merge and produce required analytics reports dependent on them. It can be undeniably challenging to infer these complex analysis using those excel files.
So here any outsider or third-party tool that provides successful and effective Audit reports management and other security and compliance elements would save you from surprisingly disasterous security dangers and assists you with effectively trackable SharePoint security.
One such tool is the Saketa SharePoint Security Manager, which will assist you to effectively analyze, manage and track your overall SharePoint Security. You can see your SharePoint items that are Shared internally as well as externally with employees or clients, manage access, clean orphan users, and unused restricted access. You can also manage the External users or clients who may not be a member of your tenant, manage the shared connections, create permission levels and audit reports and a lot more SharePoint security features.
SharePoint Migrator Tool, being a one-stop for all your SharePoint needs furnishes you with its full-fledged SharePoint security system as well as the Governance Center.