\ How to audit OneDrive for Business activities

How to audit OneDrive for Business activities

Your download is in progress and it will be complete in just a few seconds! If you face any issues, download manually here
Manage and Secure Microsoft 365 with
M365 Security Plus
  • Please enter business email address
  •  
    By clicking 'Download 30-day free trial', you agree to processing of personal data according to the Privacy Policy. You can unsubscribe from our mails at anytime.

Microsoft 365's OneDrive for Business is widely used to store and retrieve files and folders. Since the documents stored can be easily accessed, modified, or deleted by any user in your organization, you must keep track of all the actions performed in your organization’s OneDrive for Business account along with the person responsible for every action.

Native Microsoft 365 auditing options such as PowerShell scripts and the Microsoft 365 Security & Compliance Center are either challenging to use or do not directly provide specific OneDrive for Business activity logs. These audit logs can be searched through and generated on a per-user basis only. M365 Security Plus simplifies the process of fetching OneDrive for Business audit logs by offering exclusive audit reports for multiple users under various domains. These audit logs can be stored for an indefinite period.

To view OneDrive for Business audit reports in M365 Security Plus:

  1. Go to the Audit tab under the Auditing & Monitoring section.
  2. Navigate to OneDrive for Business > OneDrive for Business Sharing Activity or OneDrive for Business Sync Activity or OneDrive for Business File Folder Activity
  3. Enter the Period for report generation.
  4. Choose the required Domains from the drop-down.

How to audit OneDrive for Business activities

You can export the reports generated as PDF, HTML, XLS, or CSV format. You can also use the Schedule Profiles option to schedule the reports to be automatically generated and mailed to the stakeholders in your organization.

Creating audit profiles that suit your need

M365 Security Plus' audit reports come in handy when you want to scrutinize and monitor specific attributes. For example, the OneDrive File Accessed audit report by default displays all the file access operations performed. But using the filters available in M365 Security Plus, you can tweak the audit report to display only the file access operations performed by specific users, the ones performed during a specific time, the ones performed using a specific client IP address, and so on. With this, you can keep a close eye on activities performed by particular users or the activities performed outside business hours. You may also use the Create New View option, to get a customized summary based on the attributes that you choose, like time or user name.

Learn more about how M365 Security Plus offers simple solutions to complex Microsoft 365 issues.