Understanding Your SharePoint Environment with Audit Logs

Understanding Your SharePoint Environment with Audit Logs

by

SharePoint audit logs allow you to look at who is opening SharePoint files and folders in any site collection and what they are doing with this data. You can sort, filter and analyze what your users have been working on within sites, lists, libraries, content types, list items and files.

Say, for example, an important piece of content was deleted. Thanks to SharePoint audit logs, you can figure out who deleted the content. That way you can take steps to retrieving it as quickly as possible, as well as putting in place the right steps to making sure the same mistake doesn’t repeat itself.

Thus, audit logs are a key part of managing your SharePoint infrastructure.

The Dread of the Audit

The word ‘audit’ seems to fill some people with dread. Those of us who held summer retail jobs might have bad memories of stock audits, taking place either before the store opened (too early) or after it closed (too late). And, of course, tax audits conjure the idea of white collar crime, fear of the IRS, and big old Al Capone.

There are several different types of audits, including retail stock audits and tax audits. Your company must also always be prepared for an audit of the information you hold—usually for compliance and regulatory reasons. And if you’re not prepared you could face severe penalties – like Mr. Capone.

Make Your SharePoint Vision 20-20

Luckily, SharePoint has built-in mechanisms for carrying out audits across your environment. With better oversight on what’s happening in your SharePoint sites, you can much more easily manage what you need to manage.

Here’s a list of what you can see and track with the power of SharePoint audit logs:

  • Opened and downloaded documents, viewed items in lists, or viewed item properties (this event is not available for SharePoint Online sites)
  • Edited items
  • Checked out and checked in items
  • Items that have been moved and copied to another location in the site collection
  • Deleted and restored items
  • Changes to content types and columns
  • Search queries
  • Changes to user accounts and permissions
  • Changed audit settings and deleted audit log events
  • Workflow events
  • Custom events

Why Audit Logs are useful for organizations

Why Is it Useful for Organizations?

Even just from the brief list above, you can get a sense of how audit logs might be of great benefit to your business. But here’s why in a bit more detail:

Meet Governance and Legal requirements

The amount of information and data that businesses process and store these days continues to rise, so the importance of best practice data management and governance is essential to making sure you are not falling short of your legal requirements.

There are also several different data protection laws out there (the GDPR , HIPAA , etc.), determined on where you’re based, where your employees are from, and who your customers are. So, it’s easier than you might think to overlook something that could prove crucial down the line.

Audit logs enable a complete overview of your important documents and information. Knowing who last viewed these, where they’re stored and from where they might have been moved (along with a complete trail), is important when you need to provide them to a third party or prove you’re on the right side of the law.

Your employees will be more likely to keep on top of their best practice duties when they know that you can see exactly what they’ve done.

Understand how documents & items are used

While compliance and governance best practice are important for obvious reasons, the ability to understand how the information in your company is worked on, is vital to putting in place protocols that will ensure your employees can work optimally.

Thinking about rolling out a new solution? By seeing how your teams work, you can make decisions that you think will help adoption rates. And with better adoption comes higher productivity, which eventually leads to higher ROI.

Keep track of history

This is important from both a compliance and productivity aspect. You can view how files and documents evolve over time, have a strong backup system in place and knowing history can help you make predictions on the future.

For your audit logs to monitor your SharePoint information you first must make sure you have them switched on:

How to activate Audit Settings in SharePoint

  1. Go to the Central Administration homepage
  2. In the Application Management section; click ‘manage service applications’
  3. Select the ‘secure store service’ application
  4. On the ribbon, click ‘properties’
  5. In the ‘enable audit’ section; click to select the audit log enabled box
  6. To change the number of days that entries will be purged from the audit log file, specify a number in days in the ‘Days until Purge’ field - the default value is 30 days.
  7. Click OK.

How to activate Audit Settings in Office 365

  1. From the admin center, select Compliance under Admin
  2. In the Compliance Center, select Reports
  3. Click the Office 365 audit log reports link
  4. In the upper left corner of the page, click the Start recording user and admin activities link

How to view the Audit Log Report

You can view the audit log report by going to the ‘site actions’ menu and clicking ‘site settings’; from there click ‘modify all site settings’; In the ‘Site Collection Administration’ section, select ‘Audit log reports’; then select the type of report you need.

Voilà! While they may contain the often dreaded term ‘audit’, hopefully we’ve shown you today that they don’t have to be scary, and, when used in SharePoint, can help you understand your environment far better.

Gabrielle Lafontaine
Gabrielle Lafontaine @sharegatetools

Gabrielle lives and breathes content. With a strong background in editorial strategy and content creation, she brings a human touch to the world of tech blogging. When she's not sitting at her computer, you'll more than likely find her eating something with avocado or curled up somewhere with a book.