Audit reports include:
Microsoft 365
The “Audit activities” for the Microsoft 365 audit report offers a comprehensive report of all activities from the Unified Audit Log within your Microsoft 365 tenant. This report serves as an initial reference, which can be refined based on a specific investigation. For instance, a report can be generated detailing all actions undertaken by a particular user over the previous week. While only a subset of details for each event is displayed initially, additional properties can be accessed in the workload-specific reports.
Exchange
In the Exchange audit report, comprehensive reports are available on audited activities, admin and non-owner mailbox activities, Data Loss Prevention (DLP) actions, “Send As” or “Send on Behalf” activities, and changes to mailbox rights within your Microsoft 365 tenant.
SharePoint
In the SharePoint audit report, detailed reports are available on various activities within your Microsoft 365 tenant. These include audited SharePoint Online activities, external and anonymous invitations, activities performed by external users, Site Collection administrator changes, sharing operations, and Site permission changes. Each category provides a curated view, with additional details available by selecting the corresponding columns.
OneDrive
In the OneDrive audit report, comprehensive reports are available on OneDrive for Business activities within your Microsoft 365 tenant. These include audited activities, external and anonymous invitations, activities performed by external users, Site Collection provisioning, Data Loss Prevention (DLP) activities, sharing operations, and Site permission changes. Each category offers a curated view, with the option to display additional details by selecting the corresponding columns.
Threat intelligence
The threat intelligence activities report displays all Threat Intelligence audited activities within your Microsoft 365 tenant.
Teams
In the Teams audit report, detailed reports are available on all Microsoft Teams activities within your Microsoft 365 tenant. These include audited activities, channel operations, membership operations, team management operations, external and anonymous invitations, activities performed by external users, Site Collection administrator changes, Data Loss Prevention (DLP) activities, sharing operations, and Site permission changes. Each category provides a curated view, with the option to display additional details by selecting the corresponding columns.
Power BI
The Power BI activities report provides a report of all Power BI audited activities within your Microsoft 365 tenant.
Security and compliance activities
The Security and compliance activities report displays all Microsoft Purview and Microsoft Defender activities audited within your Microsoft 365 tenant.
CRM
The CRM activities page provides a report of all Dynamics CRM audited activities within your Microsoft 365 tenant.
Entra
In the Entra audit report, comprehensive reports are available on all Entra ID activities within your Microsoft 365 tenant. These include audited activities, various sign-in events (overall, admin roles, external users, failed attempts), monthly sign-ins by user and app, risky users, risk detections, and sign-ins from anonymous IPs, unfamiliar locations, and using legacy protocols. For certain categories, additional details can be displayed by selecting the corresponding columns, and there is an option to display a map (Sign-in: events, with admin roles, external and failed).
This section may be used to:
- Verify if a user has updated their password
- Check who changed a user license
- Check SharePoint site external access
Visit these pages to view the functionalities related to these audit reports only:
Power apps
In the Power Apps audit report, detailed reports are available on all Power Apps activities within your Microsoft 365 tenant. These include audited activities, creation, launch, and publishing events, as well as permission changes. Each category provides a comprehensive view, with the option to display additional details by selecting the corresponding columns.
CoreView
The CoreView audit log is now located in the “Audit log” section under Settings. Here, a record of all activities carried out in CoreView is available, enabling tracking and oversight of the actions of each operator within CoreView.
Visit these pages to view the functionalities related to these reports: