Use Audit Logs in Microsoft 365

In this blog post, we will learn how to review audit logs in Microsoft 365 using the compliance portal.

Audit Logs

In the last few years, Microsoft has increased the audit capabilities in Microsoft 365, and now we have the option to review almost all the actions that users and administrators take.

With audit logs, we can review user and administrators activities in OneDrive, Exchange Online, Teams, Azure AD and all administrative actions.

Audit logs are also called unified audit logs because they cover many services and products in Microsoft using a single interface.

Get Started

To get started with audit logs, open the Microsoft 365 Compliance center using the following direct URL:

To search for audit logs all you need to do is select a specific activity from the Activities drop-down or leave with the show all option which will display all the activities. In the users, you can select single or multiple users and set the date.

By default, Microsoft 365 audit logs are shown from the last 90 days. To see results for data that is older than 90 days you will need a license that covers advanced auditing.

Advanced auditing in Microsoft 365 allows you to retain audit logs for up to 10 years if you have an E5 license. Since I have an E5 license you can see that I have the option to Create audit retention policy.