Track File Usage in SharePoint Online

Imagine you upload a confidential project report to SharePoint Online, where your team can collaborate and co-author in real time. Such scenarios can be challenging to manage as multiple users access and modify the files, potentially risking the loss of important information. This guide will show you how to audit file usage in SharePoint Online and provide valuable insights to secure your important files from unauthorized access and accidental changes.

Native Solution

Microsoft 365 Permission Required

High

Least Privilege

View-Only Audit Logs role

Most Privilege

Global Admin

Option 1 Using Windows PowerShell Script

The ‘Search-UnifiedAuditLog’ cmdlet helps you audit file usage in SharePoint Online, but it cannot retrieve the filenames associated with the activities.
To overcome the cmdlet’s limitation, we've developed a PowerShell script that exports a detailed file usage audit report in SharePoint Online, including file names.
The script is designed to generate two different file usage reports, one for all activities related to SharePoint Online files and another for OneDrive files.
For SharePoint file usage report, run the script with the parameter SharePointOnline as shown below.
./AuditFileActivities.ps1 -SharePointOnline

AuditFileActivities.ps1

To get OneDrive file usage report, simply replace SharePointOnline with OneDrive.

Option 2 Using Microsoft 365 Purview Compliance Portal

Login to the Microsoft 365 Purview compliance portal and navigate to the Audit section.
Customize the start and end dates as per your requirement.
In the Record types section, select SharePointFileOperation and enter the desired name in the Search name field.
Hit the Search button. Once the search is completed, you can export the SharePoint Online file usage report for offline access.

Note: Events may not appear in the audit log immediately after they occur. There can be a delay ranging from a few minutes to several hours.

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access assigned by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 reporter.
Navigate to the All Activities Related to SharePoint Files report under Audit»SharePoint»File Change Activities.

This report consolidates the file name, URL, and users who performed the activity, along with their machine IP, browser details, and more.

You can use the Target File easy filter to view all the activities performed on important files.

Refer to the All SharePoint File Activities Performed by Admins report under the All Admin Activities section to view every file activity performed by the admins.

The above built-in chart shows the count of each activity performed on files. Simply click on a specific activity to view all associated events without using manual filters.

Explore a full range of reporting options

Ensure file security and integrity with SharePoint Online usage analytics!

Sharpen your control over vital files with AdminDroid's SharePoint Online reports! Uncover file activities in hidden document libraries and gain insights into unauthorized file changes and accidental deletions with advanced reporting features.

Witness the report in action using the

Live Demo

Important Tips

Set up network location-based access for SharePoint Online to ensure that users are allowed to access sensitive SPO files only from trusted locations.

View usage data for your SharePoint sites to identify inactive sites and delete any unwanted files from those sites.

Monitor file and folder sharing in SharePoint Online to prevent sensitive files from being disclosed publicly due to misconfigurations.

SharePoint OnlineIdentify File Activities and Manage Modifications with SharePoint Online File Usage Analytics!

Showing 1 of 5

How to see who has viewed or accessed a file on SharePoint Online? How to get notifications when a file is modified in SharePoint Online? How to manage file version history in SharePoint Online? How to track file uploads in SharePoint Online? How to restrict users from downloading files in SharePoint Online?

How to see who has viewed or accessed a file on SharePoint Online?

Monitoring file access on SharePoint Online helps track who views documents, ensuring that only authorized people see important information. By default, SharePoint does not display extensive metrics, but site owners can activate a specific site-level feature to see users who have accessed files.

Enable SharePoint Viewers Feature

Navigate to the desired SharePoint Online site.
Click on Manage site features under Settings»Site information»View all site settings»Site Actions.
Click Activate next to the SharePoint Viewers feature.
After activating this feature, site members and admins can see the file viewers' statistics by hovering over a file.

Disable File Viewers’ Names

Navigate to Policies»Sharing from the SharePoint Online admin center.
Under Other settings, uncheck the "Let site owners choose to display the names of people who viewed files or pages in SharePoint".
Now, site admins and members can only see the number of views on the file. But they cannot view the users who accessed the file.

PowerShell Script to Find File Viewers

Download and execute the given script below to audit file access in SharePoint Online.

AuditFileAccess.ps1

You can use this script to track recently accessed SharePoint files, files accessed by external users, and list of files accessed by a specific user within a custom timeframe.

Transform your SharePoint Online security approach with AdminDroid's file access report!

Just navigate to Audit»SharePoint»File Access Activities in AdminDroid to find the SharePoint file access history report and SPO file access by admins report under 'All Admin Activities'.
Handy Tip: Use the Accessed File easy filter to view all access activities on important files.

How to get notifications when a file is modified in SharePoint Online?

SharePoint alerts enable you to receive real-time notifications when a file is modified. This will help you to stay informed about any unwanted modifications to sensitive files.

Follow the steps below to create alerts for specific files in SharePoint Online:

Navigate to the document library or list and choose the file for which you want to get alerted.
Click the ... (ellipses) and choose "Alert Me".
Give a name for the alert in the Alert Title field, specify e-mail addresses/usernames in the Send Alerts To field and choose E-mail as the Delivery Method.
Under Send Alerts for These Changes, select Anything changes.
For When to Send Alerts, choose Send notification immediately and then click "OK" to save.

Never miss any changes made to SharePoint Online files with AdminDroid's real-time alerts!

Instant Setup: Create alerts directly from the report page with just a few clicks, streamlining the process and saving valuable time.
Pre-built Monitoring: Identify suspicious activities like unusual volume of file downloads and accessed SharePoint files with in-built alert policies.
Granular Control: Fine-tune your alert policies using the intuitive preview console and easily modify their thresholds according to your requirements.

Handy Tip: You can easily modify policy configurations and update the status in the dedicated 'Alerts' page anytime.

How to manage file version history in SharePoint Online?

SharePoint Online offers co-authoring on files, allowing multiple users in your organization to contribute to a single file simultaneously. Therefore, it's crucial to track changes to ensure that important information in these documents is not modified. With SharePoint Online version history settings, you can monitor changes and restore critical versions.

View file history in SharePoint Online

You can see the file history in SharePoint Online by following the steps below:

Navigate to the Site contents page from the desired SharePoint site. Then, select the library or list where the file is located.
Right-click on the file and select Version history. In the pop-up window, hover over the desired version’s 'Modified date' and click the arrow icon next to the date.
For all file versions except the latest, you have the option to View, Restore, and Delete, while the latest version only shows the options to View and Restore.
To restore the previous version of a file, click on the Restore option. However, to perform any other operation, click on View.
The available actions include managing the file copies, sending notifications, checking out the file, or creating a workflow.

Note: The available options may differ for the latest and earlier file versions.

Manage files that have no checked-in version

In SharePoint Online, enabling "Require Check Out" ensures users check out the documents before editing and check-in them after modifications. If users forget to check-in, the files become "Files with No Checked-in Version" and are only visible to the uploader, disrupting collaboration. Managing these files is essential for collaborative access.

You can take control of these no checked in version files and make them checked-in.

Navigate to the site where "no checked-in version files" are located.
Go to Settings»Library settings»More library settings, and click on Manage files which have no checked-in version under Permissions and Management.
Select files you want to take ownership of and hit the Take Ownership of Selection button at the top.
After taking ownership, documents are removed from this section and appear in the document library or list where they were uploaded, remaining visible only to you until they are checked-in.
Once you checked-in the file, it will be visible to all the site members.

Master your SharePoint document lifecycle with AdminDroid's file version control reports!

Proactively manage document lifecycles and enhance collaborative workflows with the help of AdminDroid's detailed reports on checked-out and checked-in files in SharePoint Online.
Pro Tip: Start by using the checked-out files report to track who has checked out and edited the documents. Then, use the checked-in files report to ensure the documents are properly checked-in after modification.

How to track file uploads in SharePoint Online?

Tracking file uploads in SharePoint Online is essential for effective storage management. When users upload multiple files or unusually large volumes, it can significantly increase site storage and impact overall efficiency. By monitoring file uploads, you can identify the users responsible and take proactive measures to manage storage capacity.

Here are the steps to monitor file upload activities in SharePoint Online.

Connect to Exchange Online PowerShell using the cmdlet below.
```
Connect-ExchangeOnline
```

Execute the following cmdlet to export the SharePoint Online file upload audit data to a CSV file.

Search-UnifiedAuditLog -StartDate <MM/DD/YYYY> -EndDate <MM/DD/YYYY> -Operations FileUploaded | Export-Csv -Path <Location>

File upload size limitation

In SharePoint Online, the file upload size limit cannot be changed.

The maximum file upload size limit in SharePoint Online is 250 GB per file.
Document libraries and lists in SPO can hold up to 30 million items.
Each SharePoint Online site collection can be up to 25 TB in size.

Note: However, you can increase the maximum file upload size in SharePoint Server.

Moving and copying files across sites

When moving or copying files across SharePoint sites, make sure to:

Keep the total file size below 100 GB.
Limit the number of files to 30,000.
Ensure OneNote files are under 2 GB and other files under 15 GB.

Harness the power of AdminDroid's detailed file upload activities audit report to detect and prevent unusual file uploads!

Simply navigate to Audit»SharePoint»File Management Activities»Uploaded SharePoint Files to see all the SharePoint file upload activities in one place.
The report consists of file uploaded time, name, extension, username, IP address of the user, etc.

Handy Tip: Use Uploaded by graph to find the users who are responsible for unusual number of file uploads and to manage storage consumption.

How to restrict users from downloading files in SharePoint Online?

Preventing users from downloading files ensures that they are not modified outside your SharePoint Online environment, maintaining the integrity of important data. It also helps manage network bandwidth, especially where large files are frequently downloaded.

Follow the steps below to stop users from downloading files.

Connect to SharePoint Online PowerShell using the cmdlet below.
```
Connect-SPOService –Url <AdminCenterURL>
```
Run the following cmdlet to block downloads for all users in a SPO site.
```
Set-SPOSite –Identity <SiteURL> -BlockDownloadPolicy $true
```

Note: You need a SharePoint Premium license to use the block download policy for SharePoint sites.

Alternatively, you can create a custom permission level to enforce similar restrictions without needing a Premium license.

Navigate to the desired SharePoint site, then go to Settings»Site permissions»Advanced permission settings.
Click on 'Permission Levels' from the top and then select Add a Permission Level.
Select the View Items and View Application Pages under List Permissions, then hit the 'Create' button.
Now, go to the Advanced permission settings page again and select the user or group to block downloading.
Hit the 'Edit User Permissions' option on the top and then select the permission you have created.
Click the 'OK' button.

Note: You must be a site owner to access the advanced permission settings page.

Gain granular visibility into file download activities within SharePoint Online using AdminDroid!

With the SharePoint file downloads report, you can easily identify internal company documents downloaded by unauthorized users and reduce the time spent on navigating through native audit logs.

Handy Tip: You can monitor who downloads confidential files by reviewing the Downloaded By column and restrict future downloads for those users if necessary.

AdminDroid SharePoint Online ReporterTake control of your SharePoint Online files with comprehensive audit reports!

The SharePoint Online auditing tool stands unparalleled in tracking file usage with its exhaustive insights into SharePoint file activities. It includes individual reports for auditing file access, file management, file change activities, and more.

A Quick Summary

Track File Changes with Scheduled Reports

Schedule reports to receive up-to-the-minute updates on SPO file modification activities and keep track of recently modified documents on your SharePoint site.

Efficiently Recover Files in SharePoint Online

Track SharePoint Online file deletion activities to identify and restore accidentally deleted documents for quick recovery of crucial files.

Holistic View of Document libraries

Keep your Microsoft 365 files organized and secure by listing document libraries in SPO to streamline document management.

Check File Access Trends with a Quick Summary

Monitor SharePoint file access statistics to get a daily summary of files accessed or edited by every user in your organization.

Manage SharePoint Online storage with Active File Counts

Track daily active file counts to optimize SharePoint Online storage, ensuring efficient use of resources and avoiding storage limitations.

Customization Options for Optimal SPO Site Analytics

Customize your SharePoint site usage analytics reports with AdminDroid’s Microsoft 365 reporting features, including data filtration, column merging, and more.

Therefore, the AdminDroid SharePoint Online auditing tool assists you in the following scenarios:

Uncover files that haven't been accessed or modified in a long time to free up space for active files.
Analyze file activities in document libraries to identify and address potential security risks.
Gain insights into file or folder sharing in SPO site to avoid uncontrolled anonymous access.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps when Tracking File Activities in SharePoint Online

The following are possible errors and troubleshooting hints when auditing file usage in SharePoint Online.

Error: Sorry, something went wrong. The following users do not have e-mail addresses specified: username. Alerts have been created successfully but these users will not receive notifications until valid e-mail or mobile addresses have been provided.

This error occurs when there is no email address associated with the SharePoint Online user profile. Commonly it happens when the user does not have an Exchange Online license assigned to their account.

Troubleshooting hint :Assign Exchange Online license to the user. Then in the SharePoint admin center, navigate to More features»User Profiles»Manage User Properties, edit the Work email property to allow user edits, and ensure it is set as Replicable.

Error: The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

This error occurs when you try to get items within a document library that exceeds the view threshold of 5000 items.

Troubleshooting hint :Split and distribute the files to different document libraries.

Error: Cannot create the file request. "Anyone links with folder edit" permission must be enabled in your organization.

This error occurs when you try to get files within a folder which you don’t have permission to do it.

Troubleshooting hint :Global or SharePoint admin might disabled anyone link or assigned only view permission to the users or group. Ask them to provide edit permission to access the files in that folder.

Error: Set-SPOSite : You do not have required licenses to perform this operation. Please read here for licensing related requirements: https://learn.microsoft.com/en-US/sharepoint/block-download-from-sites

This error occurs when you try to execute the block download policy without SharePoint Premium license.

Troubleshooting hint :Upgrade your SharePoint license to Premium to use the SharePoint block download policy in PowerShell.

Error: Cannot restore the current version.

This error occurs when you try to restore the latest version of the file.

Troubleshooting hint :You cannot restore the current version of the file because it is currently active. Try restoring earlier versions of the file instead.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Audit File Usage in SharePoint Online