Auditing and Compliance in Office 365 for SharePoint & Exchange Messaging


Auditing and Compliance in Office 365

Audience: Office 365 for Enterprise Administrators

Office 365 includes auditing and compliance features in Exchange Online and in SharePoint Online that you can use to help your organization meet its legal, regulatory, and organizational compliance requirements.  Office 365 administrators can configure these services for themselves without contacting Support.

Exchange Online

Here’s what you can do in Exchange Online to help your organization meet its compliance requirements:

  • Comply with data retention requirements or legal requirements by preventing the deletion of email messages.
  • Search for email items related to specific legal cases or requests from regulatory authorities.
  • Control the flow of messages and implement actions based on message content or on message senders and recipients.
  • Encrypt content and enforce email usage policies.

For more information, see Security and Compliance in Exchange Online for Office 365.

Exchange Online Audit Reports

Use audit logging to troubleshoot configuration issues by tracking specific changes made by administrators and to help you meet regulatory, compliance, and litigation requirements. Exchange Online provides two types of audit logging:

  • Administrator Audit Logging records any action, based on a Windows PowerShell cmdlet, performed by an administrator. This can help you troubleshoot configuration issues or identify the cause of security or compliance related issues.
    • Note – PowerShell cmdlets run against Exchange Online that begin with Test-, Get-, or Search- are not recorded in the audit logs.
  • Mailbox Audit Logging records whenever a mailbox is accessed by someone other than the person who owns the mailbox. Use this to see who’s accessing a mailbox and what they did.

SharePoint Online

Here’s what you can do in SharePoint Online to help your organization meet its compliance requirements:

  • Create and apply information management policies
  • Create content retention and expiration rules and policies
  • Search and create a hold to protect specific documents or items from expiration policies

For more information, see Records management and compliance in SharePoint Online.

SharePoint Online Auditing Reports

Configure Audit Settings for a Site Collection

You can use the SharePoint Online audit feature to track which users have taken what actions on the sites, content types, lists, libraries, list items, and library files of site collections. Knowing who has done what with a particular piece of information is critical for many business requirements, like regulatory compliance and records management.

Configure Events to Audit
  1. On the Site actions menu, click Site settings.
  2. If you are not at the root of your site collection, under Site Collection Administration, click Go to top level site settings.

Note:  The Site Collection Administration section will not be available if you do not have the necessary permissions.

  3. On the Site Settings page, under Site Collection Administration, click Site collection audit settings.
  4. On the Configure Audit Settings page, in the Documents and Items and List, Libraries, and Site sections, select the events you want to audit, and then click OK.

Which events you audit depends on your auditing needs. For example, regulatory compliance usually has specific requirements that will dictate which events you need to audit. We recommend that you only audit the events required to meet your needs. Additional unnecessary auditing can affect the performance and other aspects of the site collection.

Important   

If you are using SharePoint Online for Microsoft Office 365 for enterprises, auditing for Opening or downloading documents, viewing items in lists, or viewing item properties is not available because of storage and performance concerns.

View Audit Log Reports

You can use the SharePoint Online audit log reports to view the data in the audit logs for a site collection. You can sort, filter, and analyze this data to determine who has done what with sites, lists, libraries, content types, list items, and library files in the site collection. For example, you can figure out who deleted a particular piece of content.

To view an audit log report:

  1. On the Site actions menu, click Site settings.
  2. If you are not at the root of your site collection, under Site Collection Administration, click Go to top level site settings.

Note:  The Site Collection Administration section will not be available if you do not have the necessary permissions, such as by being a member of the default Site Collections Administrators group.

  3. In the Site Collection Administration section, select Audit log reports.
  4. On the View Auditing Reports page, select the report that you want, such as Deletion.
  5. Type or Browse to the library where you want to save the report and click OK.
  6. On the Operation Completed Successfully page, click “click here to view this report.”

Notes 

  • Excel 2010 must be installed to view audit log reports by clicking “click here to view this report.”
  • Alternatively, if opening documents in the browser is enabled for the library, go to the library where you saved the audit log report, point to the audit log report, click the down arrow, and then click View in Browser.

You can now use standard Excel features to narrow the reports to the information you want. Some ways in which you can analyze and view the log data include:

  • Filtering the audit log report for a specific site.
  • Filtering the audit log report for a particular date range.
  • Sorting the audit log report.
  • Determining who has updated content.
  • Determining which content has been deleted but not restored.
  • Viewing the changes to permissions on an item.
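
The "deleted but not restored" analysis from the list above can also be scripted once a report is saved as CSV. The following Python sketch is an added example, not part of the original post or any Microsoft tooling; the column names, event values, and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows. The column names and the event values
# ("Delete", "Restore") are assumptions about how the report was saved
# to CSV; adjust them to match your own export.
SAMPLE_CSV = """Occurred (GMT),User Id,Document Location,Event
2013-04-02T09:15:00,CONTOSO\\alice,Shared Documents/plan.docx,Update
2013-04-02T10:00:00,CONTOSO\\bob,Shared Documents/plan.docx,Delete
2013-04-02T10:30:00,CONTOSO\\alice,Shared Documents/plan.docx,Restore
2013-04-03T08:00:00,CONTOSO\\bob,Shared Documents/budget.xlsx,Delete
2013-04-03T11:45:00,CONTOSO\\carol,Lists/Tasks/4_.000,Delete
2013-04-04T09:00:00,CONTOSO\\bob,Shared Documents/plan.docx,Delete
2013-04-05T09:00:00,CONTOSO\\alice,Shared Documents/old.docx,Restore
"""

DELETE_EVENTS = {"delete"}
RESTORE_EVENTS = {"restore", "undelete"}  # assumed spellings


def load_events(text):
    """Parse CSV text into dicts with a real datetime and a lowercase event."""
    return [{
        "when": datetime.fromisoformat(row["Occurred (GMT)"].strip()),
        "user": row["User Id"].strip(),
        "location": row["Document Location"].strip(),
        "event": row["Event"].strip().lower(),
    } for row in csv.DictReader(io.StringIO(text))]


def deleted_not_restored(rows, start=None, end=None):
    """Return {location: (deleted_by, deleted_at)} for outstanding deletions.

    The whole log is replayed in time order before the date window is
    applied, so a restore that falls outside the window still cancels
    the deletion it belongs to.
    """
    pending = {}
    for r in sorted(rows, key=lambda r: r["when"]):
        if r["event"] in DELETE_EVENTS:
            pending[r["location"]] = (r["user"], r["when"])
        elif r["event"] in RESTORE_EVENTS:
            pending.pop(r["location"], None)  # restore without a logged delete is ignored
    return {loc: info for loc, info in pending.items()
            if (start is None or info[1] >= start)
            and (end is None or info[1] <= end)}


if __name__ == "__main__":
    for loc, (user, when) in deleted_not_restored(load_events(SAMPLE_CSV)).items():
        print(f"{when:%Y-%m-%d %H:%M}  {user}  {loc}")
```

Items are keyed by document location, so a new file uploaded later at the same path is treated as the same item.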
