How To Audit SharePoint

Auditing SharePoint is essential for maintaining compliance and safeguarding sensitive data in your organization. In this guide, we will walk you through the process step-by-step.

To audit SharePoint, you can access the audit log reports in the Site Settings. However, the options and features may vary depending on the version of SharePoint you are using.

In SharePoint Online, the audit log reports have been moved to the Microsoft 365 Security & Compliance Center. To view the audit logs, you need to enable the audit logs feature in the Compliance Center before accessing the logs for SharePoint Online.

Once you have enabled the audit settings, it may take some time for the logs to collect data and prepare reports. You can then view the audit logs in the Security & Compliance Center by applying search criteria such as activities, start date, end date, users, and file or site.

If you prefer to use PowerShell, you can query the audit log and produce reports. You can search for specific events and export the results to a CSV file.

Having access to audit logs and regularly reviewing them is crucial for monitoring user activity, troubleshooting issues, and identifying potential security breaches in your SharePoint environment.

Accessing Audit Log Reports in SharePoint

To begin auditing SharePoint, you need to access the audit log reports, which can be found in the Site Settings of your SharePoint platform. The availability of options and features may vary depending on the version of SharePoint you are using.

Once you are in the Site Settings, navigate to the Audit Log Reports section. Here, you will find a comprehensive overview of the activities and events recorded within your SharePoint environment.

Utilizing the audit log reports, you can gain valuable insights into user actions, document access, and system changes, helping you maintain compliance and protect sensitive data within your organization.

Available Options SharePoint Version
Data Modification SharePoint Version 2010 and later
View Usage SharePoint Version 2013 and later
Content Viewing SharePoint Version 2016 and later

It’s important to note that as you progress to later versions of SharePoint, additional features and functionalities are introduced, offering enhanced audit capabilities to ensure the security and integrity of your SharePoint environment.

Accessing Audit Log Reports in SharePoint

When accessing the audit log reports, you have the option to filter and customize the data displayed to suit your specific auditing needs. By applying search criteria such as activities, start date, end date, users, and file or site, you can refine the audit log reports and focus on relevant information.

In addition to accessing the audit log reports through the Site Settings, you can also utilize PowerShell to query the audit log and generate detailed reports. This allows you to search for specific events and export the results to a CSV file, providing you with further flexibility in analyzing and managing the audit data.

Regularly reviewing the audit logs is crucial for monitoring user activity, troubleshooting issues, and identifying potential security breaches within your SharePoint environment. By leveraging the comprehensive audit log reports, you can ensure compliance, safeguard sensitive data, and maintain the integrity of your organization’s SharePoint platform.

Enabling and Viewing Audit Logs in SharePoint Online

If you’re using SharePoint Online, the process of enabling and viewing audit logs has slightly changed, with the audit log reports now located in the Microsoft 365 Security & Compliance Center.

To enable the audit logs feature, navigate to the Security & Compliance Center in your Microsoft 365 admin center. From there, go to the “Audit” section and click on “Set up auditing”. You can then choose the specific activities you want to track, such as document views, file modifications, or user sign-ins.

Once you have enabled the audit settings, it may take some time for the logs to collect data and prepare reports. However, you can start viewing the audit logs by going back to the Security & Compliance Center and clicking on “Search & investigation”. From here, you can apply various search criteria such as activities, start date, end date, users, and file or site to narrow down your results.

If you prefer to use PowerShell for more advanced querying and reporting, you can do so as well. With PowerShell, you can search for specific events and export the results to a CSV file for further analysis.

Having access to audit logs and regularly reviewing them is crucial for monitoring user activity, troubleshooting issues, and identifying potential security breaches in your SharePoint environment. By enabling and effectively utilizing the audit logs in SharePoint Online, you can ensure compliance and safeguard sensitive data within your organization.

Meet the Author

Abdul Rahim has been working in Information Technology for over two decades. Learn how Abdul got his start as a Tech Blogger , and why he decided to start this Software blog. If you want to send Abdul a quick message, then visit his contact page here.