How to Audit OneDrive File and Folder Access

The Microsoft OneDrive cloud storage service is a good alternative to Dropbox and Google Drive. It allows users to store files and folders online, share them with others, and access them from anywhere.

OneDrive is an excellent tool for storing and sharing files, but it’s important to keep track of who has access to your files and folders. In this guide, we will show you how to audit the OneDrive file and folder access.

When it comes to OneDrive file and folder access, there are two main types of permissions: public and private. Public permissions allow anyone with the link to access the file or folder. Private permissions restrict access to only those who the owner has invited.

To Audit users’ and administrators’ activities across OneDrive (File and Folders), we use the Microsoft 365 Unified Audit Log available from the Microsoft 365 Defender portal.

All logs are retained for 90 days by default if you are on the E3 subscription level. They are kept for one year if you are on an E5 subscription.

Audit OneDrive

To audit OneDrive file and folder access, open the Microsoft 365 Defender portal.

On the search page, fill in the following: Date, specific users, and the file’s name.

The result page will show when the file was accessed, IP address, User, Activity, and details about the event.



, ,