Audit logs in Microsoft 365 Compliance Center

A lot of Microsoft 365 admins and users are still not fully aware of the existence of Microsoft 365 auditing and its capabilities. Microsoft 365 admin audit logs is a feature available through the security and compliance center, needs to be turned only once per tenant, and it can be a real life saver in the situations where you need to prove/audit user activity on your tenant.

For SharePoint people: this feature can to a great deal replace what you were doing with SharePoint Audit logs. You will get standard events covered – file and list item actions, site actions etc, but you will also get data outside of SharePoint there. Think of OneDrive – you will also want to know what happens with these. Especially since Teams store the files from the private chats into OneDrive, this is a way how you can – at least partly – get insights what is going in your Microsoft Teams.

Another huge advantage of the Microsoft 365 admin audit logs over old SharePoint Audit logs is that you need to turn them only once per tenant, not such with SharePoint per site collection. Since Site Collections are in modern SharePoint Online mainly created through self-service operations, such as Group and Team creation, you, as a SharePoint admin, cannot really “run after” those site collections and turn the audit logs as they are being created (sometimes in thousands!). This is one problem that Office 365 auditing solves.