Audit events: event availability timing reference

  • Last update on September 26th, 2024

Table of Contents

The Audit section is only available as an add-on. Please contact your CSM to learn more.

 

The availability of Audit event data is controlled by Microsoft. Therefore, this article is designed to provide you with a reference to understand which events are available and when.

When a user or admin performs an audited activity in Microsoft 365, an Audit record is generated and stored in the Microsoft 365 Audit log for your organization. Refer to our article about CoreView's data retention to learn how long the data is retained for.

Please note that the retention duration of an Audit record also depends on your Office 365 or Microsoft 365 enterprise subscription, specifically the type of license assigned to each user.

Event availability

The following list presents the sources of the Audit information: 

  • Defender for Microsoft 365 and Threat Intelligence
  • Entra ID (user login events)
  • Entra ID (admin events)
  • Data Loss Prevention
  • Dynamics 365 CRM
  • eDiscovery
  • Exchange Online
  • Microsoft Power Automate
  • Microsoft Stream
  • Microsoft Teams
  • Power Apps
  • Power Bl
  • Microsoft 365 compliance center
  • Sensitivity labels
  • SharePoint Online and OneDrive for Business
  • Workplace Analytics
  • Viva Engage
  • Microsoft Forms

For timing and details on the schemas, please refer to the following articles in the Microsoft documentation: