What is an audit log?
Table of contents
Organizations use audit logs to monitor user and administrative actions. Audit logs enable them to ensure security, meet compliance requirements, and improve operational efficiency — or, more simply, keep their M365 tenant under control.
Here’s a detailed breakdown of the types of activities audit logs record for both users and admins:
User audit logs
Audit logs record actions such as accessing, modifying, deleting, and sharing files, as well as email activities and changes made in collaborative platforms like Microsoft Teams.
Admin audit logs
When it comes to administrators, the audit logs capture critical activities like user account management, configuration changes, and permission adjustments. These audit logs provide a clear and helpful trail of administrative actions that can impact the organization’s security and compliance status.
Audit logs and M365 services
The audit logs encompass a wide range of services within the M365 suite, including:
- Exchange Online – audit logs are used to document email-related activities.
- SharePoint Online – audit logs capture document and site activities.
- OneDrive for Business – these audit logs log file interactions.
- Microsoft Teams – audit logs are used to record chat, meeting, and collaboration activities.
In addition to the mentioned ones, audit logs also cover other services such as Power BI, Entra ID, and Yammer.
Where can you find audit logs?
You can access audit logs through the Microsoft 365 compliance center or the Security & Compliance Center. Administrators can easily search, filter, and export audit log data for analysis and reporting. You can review them proactively to ensure compliance or reactively in response to specific incidents.
Audit log retention
The default audit log retention period is 180 days. The retention period can vary depending on the specific M365 subscription plan.