Continuing to look at Compliance and O365 Groups I wanted to look at the Audit log search in Security & Compliance, I’m sure we all realize how important it is to collect audit data so that you can answer questions about user or system actions.
- Go to Security & Compliance portal
- Expand Search & Investigation then select Audit Log Search
- From the GUI you need to select the activities you want to report on which can cover many different services like File, Sway, and AAD to mention just a few and then each service has multiple activities like Delete, Create, etc.
- As well you can select Start and end dates
- If you know enough specifics you can narrow it down to users and files/folders
NOTE: Any information you can use to narrow down what you have to dig thru will be better for you.
The information that is provided to you will have all the info you expect, and what you do with that data is up to you. You can view that data in the GUI itself or you can export to a CSV file.
As well for those that love automation and development you can choose from:
PowerShell and using the cmdlet Search-UnifiedAuditLog which will return activities from all the services like Exchange, SharePoint, Teams, etc
Graph API and use the Management Activity API to return audit data and manipulate with features like pagination, etc