PhoneGet Quote
US Sales: +1 888 720 9500
US Support: +1 844 245 1108
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9890


OneDrive for Business auditing tool

OneDrive for Business handles important and sensitive information, such as HR data, financial records, and customer details. This is why auditing user activity is crucial to ensure the security of information stored in OneDrive for Business. However, auditing user and admin activity is easier said than done if you're using the native tools provided in the Microsoft 365 admin center.

Auditing OneDrive for Business with the admin center

Auditing OneDrive for Business with the Microsoft 365 admin center has the following limitations:

  • The admin center holds audit logs for a maximum of 180 days, which does not meet most compliance requirements. You need an alternative way of storing your audit logs.
  • The admin center provides a very limited set of preconfigured reports, which means you can't always find what you want. You'll have to manually sort through the unified logs to find the audit logs you need.
  • With the admin center, the parameters for filtering data are very limited. For example, you cannot view all the user activities in OneDrive for Business in a single report, filter audit logs pertaining to a particular site, or customize the audit report to view only the details you need.
  • Whenever you try to filter out the required audit logs—say, for example, the audit logs on newly created files—the entire unified log has to be analyzed. This consumes a lot of your valuable time.

Auditing OneDrive for Business with M365 Security Plus

M365 Security Plus provides an exhaustive list of preconfigured audit reports for user and admin activity in OneDrive for Business. Below are the report categories and the list of actions audited by M365 Security Plus under each category.

File and folder sharing activity

  • Accessed file
  • Checked in file
  • Checked out file
  • Copied file
  • Discarded file checkout
  • Restored file
  • Uploaded file
  • Deleted file
  • Downloaded file
  • Modified file
  • Moved file
  • Renamed file
  • Copied folder
  • Created folder
  • Deleted folder
  • Deleted folder from recycle bin
  • Deleted folder from second-stage recycle bin
  • Modified folder
  • Moved folder
  • Restored folder
  • Deleted file from recycle bin
  • Deleted file from second-stage recycle bin
  • Detected malware in file
  • Recycled all versions of file
  • Viewed a page
  • Extended page views
  • Extended file accesses
  • Extended file modifications

Synchronization activity

  • Allowed computer to sync files
  • Blocked computer from syncing files
  • Downloaded files to computer
  • Downloaded file changes to computer
  • Uploaded files to document library
  • Uploaded file changes to document library

Sharing activity

  • Accepted access requests
  • Accepted sharing invitations
  • Created company-wide sharing links
  • Created access requests
  • Created anonymous links
  • Created sharing invitations
  • Denied access requests
  • Deleted company-wide sharing links
  • Deleted anonymous links
  • Shared file, folder, or site
  • Updated anonymous links
  • Used anonymous links
  • Unshared file, folder, or site
  • Used company-wide share links
  • Withdrawn sharing invitations
  • Added permission level to site collection
  • Blocked sharing invitation
  • Broke permission level inheritance
  • Broke sharing inheritance
  • Modified permission level on site collection
  • Removed permission level form site collection
  • Restored sharing inheritance

Key features of M365 Security Plus

  • Long-term historical data archival: In native Microsoft 365 , there are limits to how long you can retrieve historical data based on the data being audited. M365 Security Plus, on the other hand, stores audit data indefinitely to maintain complete records.
  • Real-time auditing: Instead of gathering the associated data for audit reports each time you perform an audit, M365 Security Plus keeps audit reports updated in real time.
  • Profile-based auditing: Instead of having to comb the entire list of audit reports to find the right one (as is required in Microsoft 365 ), M365 Security Plus lets you create your own profiles so you can view only those audit details you need to see.
  • Group-based auditing: While auditing Azure Active Directory, M365 Security Plus lets you generate reports for user activity based on group membership, which isn't possible using the native tools in the Microsoft 365 admin center.
  • Advanced filtering: In the Microsoft 365 admin center, you can only filter audit logs based on certain attribute values. With M365 Security Plus, you can filter audit logs based on any attribute, and perform multi-valued searches as needed.
  • Custom views: While Microsoft 365 doesn't support custom views, with M365 Security Plus you can create your own custom views to see filtered data, summarized data, or summarized data that is filtered. [Learn more]
  • Business hours auditing: Microsoft 365 doesn't support restricted time frame auditing, but M365 Security Plus lets you retrieve audit details based on business hours or a specific period of time.
  • Instant alerts: You can create alerts for critical activities in your Microsoft 365 mailbox to detect unauthorized activities in real time.
  • Export data: In the Microsoft 365 admin center, you can only export data in CSV format. In M365 Security Plus, you can export audit data in multiple formats including PDF, XLSX, HTML, or CSV.

Do more than just Microsoft 365 auditing with our unified SIEM solution, Log360!

 Explore Log360 now!  Request demo
A Complete Microsoft 365 Security Solution