What is an audit log?
An audit log in Microsoft 365 (M365) is a detailed record of activities and events that can happen within the M365 environment.
Table of contents
Organizations use audit logs to monitor user and administrative actions. Audit logs enable them to ensure security, meet compliance requirements, and improve operational efficiency.
User audit logs
Audit logs record actions such as accessing, modifying, deleting, and sharing files, as well as email activities and changes made in collaborative platforms like Microsoft Teams.
Admin audit logs
When it comes to administrators, the audit logs capture critical activities like user account management, configuration changes, and permission adjustments.
Audit logs and M365 services
The audit logs encompass a wide range of services within the M365 suite, including:
- Exchange Online - audit logs are used to document email-related activities.
- SharePoint Online - audit logs capture document and site activities.
- OneDrive for Business - these audit logs log file interactions.
- Microsoft Teams - audit logs are used to record chat, meeting, and collaboration activities.
In addition to the mentioned ones, audit logs also cover other services such as Power BI, Entra ID, and Yammer.
Where can you find audit logs?
You can access audit logs through the Microsoft 365 compliance center or the Security and Compliance Center. Administrators can easily search, filter, and export audit log data for analysis and reporting.
Audit log retention
By default, audit log data is retained for 90 days. Organizations with Microsoft 365 E5 or an advanced compliance add-on can retain logs for up to one year or longer.
