What is an audit log?

An audit log in Microsoft 365 (M365) is a detailed record of the activities and events that occur within the M365 environment.

Organizations use audit logs to monitor user and administrative actions. Audit logs enable them to ensure security, meet compliance requirements, and improve operational efficiency — or, more simply, keep their M365 tenant under control.

Here’s a detailed breakdown of the types of activities audit logs record for both users and admins:

For users, audit logs record actions such as accessing, modifying, deleting, and sharing files, as well as email activities and changes made in collaborative platforms like Microsoft Teams.

When it comes to administrators, the audit logs capture critical activities like user account management, configuration changes, and permission adjustments. These audit logs provide a clear and helpful trail of administrative actions that can impact the organization’s security and compliance status.

The audit logs encompass a wide range of services within the M365 suite, including:

  • Exchange Online – audit logs are used to document email-related activities.
  • SharePoint Online – audit logs capture document and site activities.
  • OneDrive for Business – audit logs record file interactions.
  • Microsoft Teams – audit logs are used to record chat, meeting, and collaboration activities.

In addition to these, audit logs also cover other services such as Power BI, Entra ID, and Yammer.

You can access audit logs through the Microsoft 365 compliance center or the Security & Compliance Center. Administrators can easily search, filter, and export audit log data for analysis and reporting. You can review them proactively to ensure compliance or reactively in response to specific incidents.

The default audit log retention period is 180 days. The retention period can vary depending on the specific M365 subscription plan.
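
To illustrate the export-and-analyze workflow and the retention window described above, here is an added example (not Microsoft's code or code from this page) that parses an exported audit log CSV, counts events per service, lists administrator actions, and flags records close to the 180-day default so they can be archived before they age out. It assumes the export has an AuditData column holding each record as JSON with CreationTime, Workload, Operation, UserType and UserId fields; the sample rows and the warn_days parameter are constructed for illustration.

```python
import csv, io, json
from collections import Counter
from datetime import datetime, timedelta

RETENTION_DAYS = 180       # default retention stated above; varies by plan
ADMIN_USER_TYPES = {2, 3}  # Admin and DcAdmin in the audit record schema

def build_sample_export():
    """Constructed sample: rows shaped like an audit log CSV export."""
    records = [
        {"CreationTime": "2024-01-10T09:00:00", "Workload": "SharePoint",
         "Operation": "FileAccessed", "UserType": 0, "UserId": "alice@example.com"},
        {"CreationTime": "2024-06-02T08:15:00", "Workload": "AzureActiveDirectory",
         "Operation": "Add member to role.", "UserType": 2, "UserId": "admin@example.com"},
        {"CreationTime": "2024-06-03T14:45:00", "Workload": "Exchange",
         "Operation": "Set-Mailbox", "UserType": 2, "UserId": "admin@example.com"},
    ]
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["CreationDate", "UserIds", "Operations", "AuditData"])
    for r in records:
        writer.writerow([r["CreationTime"], r["UserId"], r["Operation"], json.dumps(r)])
    # A damaged row, to show that one bad record must not abort the review.
    writer.writerow(["2024-06-04T00:00:00", "x@example.com", "Unknown", "{truncated"])
    return buf.getvalue()

def parse_export(text):
    """Return (events, skipped): AuditData parsed per row, bad rows counted."""
    events, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            events.append(json.loads(row["AuditData"]))
        except (KeyError, TypeError, json.JSONDecodeError):
            skipped += 1
    return events, skipped

def summarize(events, now, warn_days=30):
    """Count events per workload, list admin actions, flag records near expiry."""
    cutoff = now - timedelta(days=RETENTION_DAYS - warn_days)
    return {
        "by_workload": dict(Counter(e.get("Workload", "?") for e in events)),
        "admin_actions": [(e["UserId"], e["Operation"]) for e in events
                          if e.get("UserType") in ADMIN_USER_TYPES],
        "expiring_soon": [e["Operation"] for e in events
                          if datetime.fromisoformat(e["CreationTime"]) <= cutoff],
    }

if __name__ == "__main__":
    print(summarize(parse_export(build_sample_export())[0], datetime(2024, 6, 15)))
```

Reporting the skipped-row count alongside the summary makes it visible when an export was truncated or damaged, so a gap in the data is not mistaken for a quiet period.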
