Auditing

Auditing determines what actions were performed by what identity, and at what time those actions were performed. As we described earlier, Microsoft 365 allows administrators to audit actions that are made in the service regarding file sharing and collaboration, syncing, and deletion and access. The main auditing activities for files are as follows:

  • Accessed file
  • Copied file
  • Deleted file
  • Deleted file from the recycle bin
  • Deleted file from the second-stage recycle bin
  • Downloaded file
  • Moved file
  • Uploaded file

In addition, sharing is also part of the audited log activities, and the main sharing audited activities are as follows:

  • Created access request
  • Created a company shareable link
  • Created a sharing invitation
  • Shared file, folder, or site
  • Used a company shareable link
  • Withdrew sharing invitation

A view of the sharing activities inside the Security and Compliance Center can be seen in the following screenshot:

As we mentioned earlier, administrators should leverage audit logs, along with activity alerts and Cloud App Security policies, to understand what actions are being taken by users and administrators regarding files and sharing inside their organization.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.15.6.77