How to audit files accessed by users in OneDrive for Business

Your download is in progress and it will be complete in just a few seconds! If you face any issues, download manually here

Thank you for registering with ManageEngine.

We will send the download link to the registered email ID shortly.

Manage and Secure Microsoft 365 with M365 Security Plus

  • By clicking 'Download 30-day free trial' you agree to processing of personal data according to the Privacy Policy.

OneDrive for Business is a repository of files and folders in Microsoft 365. It helps teams store, access, and share files and folders. This service plays a key role in remote and work-from-home environments. Since many users can access the same files and folders, it's vital to keep track of who's making what changes to what files.

The Microsoft 365 Admin Center does not provide any built-in reports that help keep track of file accesses and changes. You need to head over to the Microsoft 365 Security & Compliance Center to search the unified audit logs for the required data. Here, the number of predefined reports available are limited and audit logs older than 180 days will be automatically purged.

OneDrive for Business auditing in M365 Security Plus

M365 Security Plus comes with comprehensive audit reports covering almost all major activities in Microsoft 365. The tool also provides separate categories to audit every file and folder activity, share, and syncing process in OneDrive for Business.

To view the file access operations performed by users:

  1. Go to the Auditing & Monitoring section.
  2. Click the Audit tab.
  3. Navigate to OneDrive for Business > OneDrive File Folder Activities > OneDrive File Accessed.

You can add or remove columns from the report if needed, or create a new view based on summaries or filter criteria by clicking on the Create New View option. Once you've fetched the required data, you can print the report or export it as a CSV, PDF, HTML, or XLSX file.

How to audit files accessed by users in OneDrive for Business

Highlights of M365 Security Plus auditing

  • Indefinite audit log storage

    In Microsoft 365, there are limits on the time during which you can retrieve historical data based on the type of license used. In M365 Security Plus, you can store audit logs for an indefinite period of time and retrieve them easily as and when required.

  • Real-time auditing

    M365 Security Plus fetches audit logs in real-time for all Microsoft 365 services simultaneously. It presents fetched logs in the report along with graphs and charts.

  • Granular filtering

    In native Microsoft 365, you can only filter logs based on certain attributes. With M365 Security Plus, filter your logs based on any attribute and perform multi-valued searches using several combinations of condition filters.

  • Customizable views

    In M365 Security Plus, you can create your own custom views to see filtered or summarized data. You can also filter the summarized data. Add customizations to the audit dashboards and display the snippets in your websites.

  • Auditing outside business hours

    Microsoft 365 doesn't support restricted timeframe auditing, but M365 Security Plus lets you retrieve audit details based on business hours or a specific period of time. Configure business hours to note the activities happening outside the set time period.

  • Data export options

    Export the generated audit logs in four different formats: HTML, CSV, PDF, and XLSX. In the native tool, only CSV format is supported.

  • Audit schedules

    Schedule customized audit profiles that run automatically and send reports in the desired format via email to the stakeholders at regular time intervals.

Learn more about how M365 Security Plus offers simple solutions to complex Microsoft 365 issues.