Microsoft is pleased to announce the roll out of new activity logging and reporting capabilities for Office 365, including the Office 365 activity report, comprehensive logging capability, PowerShell command or cmdlet and a preview of the Office 365 Management Activity API.
Office 365 activity report
The Office 365 activity report enables you to investigate a user’s activity by searching for a user, file or other resource across SharePoint Online, One Drive for Business, Exchange Online and Azure Active Directory, and then download the activities to a CSV (comma separate values) file. You can filter by date range, user, file/folder and activity type. This feature is especially useful for compliance reporting purposes for companies that are in highly regulated industries such as pharmaceuticals and financial institutions
You can use the Office 365 activity report in the Office 365 Compliance Center to view user and admin activity in your Office 365 organization. The report contains entries for the following types of events:
- Admin activity (admin audit logging) in Exchange Online.
- Access to mailboxes by someone other than the owner (mailbox audit logging) in Exchange Online.
- User activity in SharePoint Online and OneDrive for Business.
- Admin activity in SharePoint Online and OneDrive for Business.
- Admin activity in Azure Active Directory (the directory service for Office 365).
- User sign-in activity in Azure Active Directory.
Comprehensive logging capability
User and admin activity events are logged across SharePoint Online, One Drive for Business, Exchange Online and Azure Active Directory. This is useful for helping to see what types of files a user has been sharing with others in the organization.
Today, you can search on over 150 events (with more coming soon), including file views, mailbox owner activity, Azure Active Directory log ins and many more. In the future, we plan to expand these capabilities to include activities in other Office 365 services, such as Yammer and Skype for Business.
Search PowerShell cmdlet
Another new way to search activity logs is with PowerShell, using the Search-UnifiedAuditLog cmdlet, which enables you to run scoped queries against the audit storage log, such as by date, record type, operation and file extension. This cmdlet also lets you export those logs to a file. For example you could run the following cmdlet to search user activity logs for all events from May 1, 2015 to June 26, 2015:
Search-UnifiedAuditLog -StartDate May 1, 2015 -EndDate June 26, 2015
These capabilities started to roll out last month.
Sources: Office Blogs