SharePoint Online

How to Audit File Usage in SharePoint Online

Imagine you upload a confidential project report to SharePoint Online, where your team can collaborate and co-author in real time. Such scenarios can be challenging to manage as multiple users access and modify the files, potentially risking the loss of important information. This guide will show you how to audit file usage in SharePoint Online and provide valuable insights to secure your important files from unauthorized access and accidental changes.

Using Windows PowerShell Script

Microsoft 365 Permission Required

View-Only Audit Logs role Least Privilege

Global Admin Most Privilege

The ‘Search-UnifiedAuditLog’ cmdlet helps you audit file usage in SharePoint Online, but it cannot retrieve the filenames associated with the activities.
To overcome the cmdlet’s limitation, we've developed a PowerShell script that exports a detailed file usage audit report in SharePoint Online, including file names.
The script is designed to generate two different file usage reports, one for all activities related to SharePoint Online files and another for OneDrive files.
For SharePoint file usage report, run the script with the parameter SharePointOnline as shown below.
./AuditFileActivities.ps1 -SharePointOnline

AuditFileActivities.ps1

To get OneDrive file usage report, simply replace SharePointOnline with OneDrive.

Using Microsoft 365 Purview Compliance Portal

Microsoft 365 Permission Required

View-Only Audit Logs role Least Privilege

Global Admin Most Privilege

Login to the Microsoft 365 Purview compliance portal and navigate to the Audit section.
Customize the start and end dates as per your requirement.
In the Record types section, select SharePointFileOperation and enter the desired name in the Search name field.
Hit the Search button. Once the search is completed, you can export the SharePoint Online file usage report for offline access.

Using Microsoft 365 Purview Compliance Portal

Note: Events may not appear in the audit log immediately after they occur. There can be a delay ranging from a few minutes to several hours.

Using AdminDroid
Simple & Quick

AdminDroid Permission Required Delegated

Any user with report access assigned by the Super Admin.

Login to the AdminDroid Office 365 reporter.
Navigate to the All Activities Related to SharePoint Files report under Audit»SharePoint»File Change Activities.

AdminDroid SharePoint Online Reporter

Take control of your SharePoint Online files with comprehensive audit reports!

The SharePoint Online auditing tool stands unparalleled in tracking file usage with its exhaustive insights into SharePoint file activities. It includes individual reports for auditing file access, file management, file change activities, and more.

Track File Changes with Scheduled Reports

Schedule reports to receive up-to-the-minute updates on SPO file modification activities and keep track of recently modified documents on your SharePoint site.

Efficiently Recover Files in SharePoint Online

Track SharePoint Online file deletion activities to identify and restore accidentally deleted documents for quick recovery of crucial files.

Holistic View of Document libraries

Keep your Microsoft 365 files organized and secure by listing document libraries in SPO to streamline document management.

Check File Access Trends with a Quick Summary

Monitor SharePoint file access statistics to get a daily summary of files accessed or edited by every user in your organization.

Manage SharePoint Online storage with Active File Counts

Track daily active file counts to optimize SharePoint Online storage, ensuring efficient use of resources and avoiding storage limitations.

Customization Options for Optimal SPO Site Analytics

Customize your SharePoint site usage analytics reports with AdminDroid’s Microsoft 365 reporting features, including data filtration, column merging, and more.

Therefore, the AdminDroid SharePoint Online auditing tool assists you in the following scenarios:

Uncover files that haven't been accessed or modified in a long time to free up space for active files.
Analyze file activities in document libraries to identify and address potential security risks.
Gain insights into file or folder sharing in SPO site to avoid uncontrolled anonymous access.

Explore a full range of reporting options

Download Live Demo

Important Tips

Set up network location-based access for SharePoint Online to ensure that users are allowed to access sensitive SPO files only from trusted locations.

View usage data for your SharePoint sites to identify inactive sites and delete any unwanted files from those sites.

Monitor file and folder sharing in SharePoint Online to prevent sensitive files from being disclosed publicly due to misconfigurations.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting hints when auditing file usage in SharePoint Online.

Error Sorry, something went wrong. The following users do not have e-mail addresses specified: username. Alerts have been created successfully but these users will not receive notifications until valid e-mail or mobile addresses have been provided.

This error occurs when there is no email address associated with the SharePoint Online user profile. Commonly it happens when the user does not have an Exchange Online license assigned to their account.

Fix Assign Exchange Online license to the user. Then in the SharePoint admin center, navigate to , edit the Work email property to allow user edits, and ensure it is set as Replicable.

Error The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

This error occurs when you try to get items within a document library that exceeds the view threshold of 5000 items.

Fix Split and distribute the files to different document libraries.

Error Cannot create the file request. "Anyone links with folder edit" permission must be enabled in your organization.

This error occurs when you try to get files within a folder which you don’t have permission to do it.

Fix Global or SharePoint admin might disabled anyone link or assigned only view permission to the users or group. Ask them to provide edit permission to access the files in that folder.

Error Set-SPOSite : You do not have required licenses to perform this operation. Please read here for licensing related requirements: https://learn.microsoft.com/en-US/sharepoint/block-download-from-sites

This error occurs when you try to execute the block download policy without SharePoint Premium license.

Fix Upgrade your SharePoint license to Premium to use the SharePoint block download policy in PowerShell.

Error Cannot restore the current version.

This error occurs when you try to restore the latest version of the file.

Fix You cannot restore the current version of the file because it is currently active. Try restoring earlier versions of the file instead.

SharePoint Online

Frequently Asked Questions

Identify File Activities and Manage Modifications with SharePoint Online File Usage Analytics!

How to see who has viewed or accessed a file on SharePoint Online?

How to get notifications when a file is modified in SharePoint Online?

How to manage file version history in SharePoint Online?

How to track file uploads in SharePoint Online?

How to restrict users from downloading files in SharePoint Online?

1. How to see who has viewed or accessed a file on SharePoint Online?

Monitoring file access on SharePoint Online helps track who views documents, ensuring that only authorized people see important information. By default, SharePoint does not display extensive metrics, but site owners can activate a specific site-level feature to see users who have accessed files.

Enable SharePoint Viewers Feature

Navigate to the desired SharePoint Online site.
Click on Manage site features under Settings»Site information»View all site settings»Site Actions.
Click Activate next to the SharePoint Viewers feature.
After activating this feature, site members and admins can see the file viewers' statistics by hovering over a file.

Disable File Viewers’ Names

Navigate to Policies»Sharing from the SharePoint Online admin center.
Under Other settings, uncheck the "Let site owners choose to display the names of people who viewed files or pages in SharePoint".
Now, site admins and members can only see the number of views on the file. But they cannot view the users who accessed the file.

PowerShell Script to Find File Viewers

Download and execute the given script below to audit file access in SharePoint Online.

AuditFileAccess.ps1

You can use this script to track recently accessed SharePoint files, files accessed by external users, and list of files accessed by a specific user within a custom timeframe.

Transform your SharePoint Online security approach with AdminDroid's file access report!

Just navigate to Audit»SharePoint»File Access Activities in AdminDroid to find the SharePoint file access history report and SPO file access by admins report under 'All Admin Activities'.
Handy Tip: Use the Accessed File easy filter to view all access activities on important files.

2. How to get notifications when a file is modified in SharePoint Online?

SharePoint alerts enable you to receive real-time notifications when a file is modified. This will help you to stay informed about any unwanted modifications to sensitive files.

Follow the steps below to create alerts for specific files in SharePoint Online:

Navigate to the document library or list and choose the file for which you want to get alerted.
Click the ... (ellipses) and choose "Alert Me".
Give a name for the alert in the Alert Title field, specify e-mail addresses/usernames in the Send Alerts To field and choose E-mail as the Delivery Method.
Under Send Alerts for These Changes, select Anything changes.
For When to Send Alerts, choose Send notification immediately and then click "OK" to save.

Never miss any changes made to SharePoint Online files with AdminDroid's real-time alerts!

Instant Setup: Create alerts directly from the report page with just a few clicks, streamlining the process and saving valuable time.
Pre-built Monitoring: Identify suspicious activities like unusual volume of file downloads and accessed SharePoint files with in-built alert policies.
Granular Control: Fine-tune your alert policies using the intuitive preview console and easily modify their thresholds according to your requirements.

Handy Tip: You can easily modify policy configurations and update the status in the dedicated 'Alerts' page anytime.

3. How to manage file version history in SharePoint Online?

SharePoint Online offers co-authoring on files, allowing multiple users in your organization to contribute to a single file simultaneously. Therefore, it's crucial to track changes to ensure that important information in these documents is not modified. With SharePoint Online version history settings, you can monitor changes and restore critical versions.

View file history in SharePoint Online

You can see the file history in SharePoint Online by following the steps below:

Navigate to the Site contents page from the desired SharePoint site. Then, select the library or list where the file is located.
Right-click on the file and select Version history. In the pop-up window, hover over the desired version’s 'Modified date' and click the arrow icon next to the date.
For all file versions except the latest, you have the option to View, Restore, and Delete, while the latest version only shows the options to View and Restore.
To restore the previous version of a file, click on the Restore option. However, to perform any other operation, click on View.
The available actions include managing the file copies, sending notifications, checking out the file, or creating a workflow.

Note: The available options may differ for the latest and earlier file versions.

Manage files that have no checked-in version

In SharePoint Online, enabling "Require Check Out" ensures users check out the documents before editing and check-in them after modifications. If users forget to check-in, the files become "Files with No Checked-in Version" and are only visible to the uploader, disrupting collaboration. Managing these files is essential for collaborative access.

You can take control of these no checked in version files and make them checked-in.

Navigate to the site where "no checked-in version files" are located.
Go to Settings»Library settings»More library settings, and click on Manage files which have no checked-in version under Permissions and Management.
Select files you want to take ownership of and hit the Take Ownership of Selection button at the top.
After taking ownership, documents are removed from this section and appear in the document library or list where they were uploaded, remaining visible only to you until they are checked-in.
Once you checked-in the file, it will be visible to all the site members.

Master your SharePoint document lifecycle with AdminDroid's file version control reports!

Proactively manage document lifecycles and enhance collaborative workflows with the help of AdminDroid's detailed reports on checked-out and checked-in files in SharePoint Online.
Pro Tip: Start by using the checked-out files report to track who has checked out and edited the documents. Then, use the checked-in files report to ensure the documents are properly checked-in after modification.

4. How to track file uploads in SharePoint Online?

Tracking file uploads in SharePoint Online is essential for effective storage management. When users upload multiple files or unusually large volumes, it can significantly increase site storage and impact overall efficiency. By monitoring file uploads, you can identify the users responsible and take proactive measures to manage storage capacity.

Here are the steps to monitor file upload activities in SharePoint Online.

Connect to Exchange Online PowerShell using the cmdlet below.
```
Connect-ExchangeOnline
```

Execute the following cmdlet to export the SharePoint Online file upload audit data to a CSV file.

Search-UnifiedAuditLog -StartDate <MM/DD/YYYY> -EndDate <MM/DD/YYYY> -Operations FileUploaded | Export-Csv -Path <Location>

File upload size limitation

In SharePoint Online, the file upload size limit cannot be changed.

The maximum file upload size limit in SharePoint Online is 250 GB per file.
Document libraries and lists in SPO can hold up to 30 million items.
Each SharePoint Online site collection can be up to 25 TB in size.

Note: However, you can increase the maximum file upload size in SharePoint Server.

Moving and copying files across sites

When moving or copying files across SharePoint sites, make sure to:

Keep the total file size below 100 GB.
Limit the number of files to 30,000.
Ensure OneNote files are under 2 GB and other files under 15 GB.

Harness the power of AdminDroid's detailed file upload activities audit report to detect and prevent unusual file uploads!

Simply navigate to Audit»SharePoint»File Management Activities»Uploaded SharePoint Files to see all the SharePoint file upload activities in one place.
The report consists of file uploaded time, name, extension, username, IP address of the user, etc.

Handy Tip: Use Uploaded by graph to find the users who are responsible for unusual number of file uploads and to manage storage consumption.

5. How to restrict users from downloading files in SharePoint Online?

Preventing users from downloading files ensures that they are not modified outside your SharePoint Online environment, maintaining the integrity of important data. It also helps manage network bandwidth, especially where large files are frequently downloaded.

Follow the steps below to stop users from downloading files.

Connect to SharePoint Online PowerShell using the cmdlet below.
```
Connect-SPOService –Url <AdminCenterURL>
```
Run the following cmdlet to block downloads for all users in a SPO site.
```
Set-SPOSite –Identity <SiteURL> -BlockDownloadPolicy $true
```

Note: You need a SharePoint Premium license to use the block download policy for SharePoint sites.

Alternatively, you can create a custom permission level to enforce similar restrictions without needing a Premium license.

Navigate to the desired SharePoint site, then go to Settings»Site permissions»Advanced permission settings.
Click on 'Permission Levels' from the top and then select Add a Permission Level.
Select the View Items and View Application Pages under List Permissions, then hit the 'Create' button.
Now, go to the Advanced permission settings page again and select the user or group to block downloading.
Hit the 'Edit User Permissions' option on the top and then select the permission you have created.
Click the 'OK' button.

Note: You must be a site owner to access the advanced permission settings page.

Gain granular visibility into file download activities within SharePoint Online using AdminDroid!

With the SharePoint file downloads report, you can easily identify internal company documents downloaded by unauthorized users and reduce the time spent on navigating through native audit logs.

Handy Tip: You can monitor who downloads confidential files by reviewing the Downloaded By column and restrict future downloads for those users if necessary.