This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

SharePoint Online Auditing

As the need for sharing files in Microsoft 365 has increased due to hybrid work practices, admins must protect the organization's data from harmful attacks. For securing sensitive data, periodic monitoring of user permissions to site contents, sharing & access, file activities, and DLP actions is essential. AdminDroid SharePoint Online Auditing tool provides far-reaching details at their fingertips,making SharePoint audit a piece of cake for admins. They can finely slice and dice data for analysis, schedule reports, get alerts for suspicious activities, etc.

SharePoint Online Auditing

SharePoint Online Auditing

SharePoint Site Collections and Groups Site Collections Created Site Collections Added Site Collection Admin Removed Site Collection Admin Requested Site Admin Permissions SharePoint Groups Created Groups Updated Groups Deleted Groups Added User or Group to SharePoint Group Removed User or Group from SharePoint Group Added External User to SharePoint Group Removed External User from SharePoint Group
SharePoint Online Sharing and Access Access Requests Created Access Requests Accepted Access Requests Denied Access Requests All Access Request Events Sharing Invitations Created Sharing Invitations Accepted Sharing Invitations Revoked Sharing Invitations External Sharing Invitations All Sharing Invitation Events Company Links Created Company Shareable Links Removed Company Shareable Links Access Used a Company Shareable Links All Company Shareable Link Events Anonymous Links Created Anonymous Links Removed Anonymous Links Updated Anonymous Links Accessed Anonymous Links All Anonymous Link Events User Shares Shared File, Folder, or Site Unshared File, Folder, or Site
SharePoint Online File and DLP Activities File Activities Accessed Files Admins Accessed Files Modified Files Uploaded Files Downloaded Files Admins Downloaded Files Renamed Files Copied Files Moved Files Deleted Files Restored Files Previewed Files Admins Previewed Files Library Activities All File Activities by Admins All SharePoint File Activities DLP Actions SharePoint DLP Rule Matches DLP Rule Undo All DLP Actions
SharePoint Folder and Page Activities Folder Activities Created Folders Modified Folders Renamed Folders Moved Folders Copied Folders Deleted Folders Restored Folders All Folder Activities Page Activities Viewed Pages External User Page Activities All Page Activities

Site Collection Memberships & Group Memberships Auditing

Microsoft recommends that the high-priority SharePoint privileges like site admins and group owners are assigned to the minimal number of users only based on the requirements. Thus, admins should always have an eye on the site admin and group membership changes.

Beware of site collection admin rights and group owner rights assigned to users to prevent privileged access from falling into the wrong hands.

Get to know the changes made in the site collection admins, group owners, admin change requests, external user additions and removals, etc., using AdminDroid.

Site Collection Memberships & Group Memberships Auditing

SharePoint Online Sharing & Access Auditing

SharePoint Online Sharing & Access Auditing

SharePoint admins should track the anonymous link sharing and access that happened in the organization to avoid data theft. Thereby, admins can change the external sharing setting to protect data for a site or an entire organization.

AdminDroid lends a hand to track SPO data sharing and access like external user invites, access request approvals, company links and anonymous links access, and much more.

Keep your eyes on the sharing and access activities in SharePoint Online to safeguard your data from any threats. Tracking the details helps to restrict sensitive data leakage, and admins can customize the reports to analyze the required data.

SharePoint Online Files & DLP Activity Auditing

Securing sensitive information like credit card numbers, SSNs, and passport numbers are prominent while sharing content using SharePoint. So, admins can protect sensitive info using DLP policy configurations.

Pay attention to SharePoint Online file activities and Data Loss Prevention actions to shelter sensitive data from various attacks or threats.

AdminDroid assists you in examining the file downloads, file deletions, file accesses, DLP rule matches, etc. Getting adminā€™s file activities separately is a trump card of this tool.

SharePoint Online Files & DLP Activity Auditing

SharePoint Online Folders & Page Activity Auditing

SharePoint Online Folders & Page Activity Auditing

As the guests have unlimited access to files & folders in a SharePoint site, it needs to be addressed and controlled by the admins. It might lead to malicious files uploading into the folders. To avoid such attacks, admins need to keep track of folder and page activities.

Keep tabs on the SharePoint Online folder and page activities to manage unnecessary folder accesses efficiently.

Look into the renamed folders, deleted folders, moved folders across sites, copied folders, restored folders, viewed pages, and external user page activities using crystal-clear details, and insightful charts in AdminDroid.

Alerting for SharePoint Online

Get warned about offensive activities done by the users in the SharePoint Online environment to prevent data leakage and threats, as users have the ability to share files with insiders and outsiders of the organization. AdminDroid provides several default alert policy templates that are ready to use, making it easier for administrators. Additionally, admins can configure custom alert policies based on the company's specific requirements.

Default Alert Policy Templates

AdminDroid provides 48 ready-to-use alert policy templates for much-needed audit activities with required conditions. Find the default alert templates for SharePoint activities below.

Alerts on SharePoint Online Anonymous File Activities

Anonymous Link Creations

Unusual Volume of Anonymous Link Creations

Resources Accessed Using Anonymous Links

Unusual Anonymous User File Activities

Anonymous Link Creations

Anonymous link creations need to be observed by admins to know the details about who created the link, which file is shared, etc. AdminDroidā€™s anonymous link creation alerts let admins identify the activity instantly and verify that the link has been created only based on the requirements.

Unusual Volume of Anonymous Link Creations

When anonymous link creation becomes unusual, it may be a possibility for suspicious activities in the organization. It should be noticed and verified by the admins immediately. Using anonymous link creation alerts, admins can address suspicious activity instantly.

Resources Accessed Using Anonymous Links

Anonymous links are shared URLs that don't require authentication, so anyone with the link can access the file or folder. It may create a pathway for attackers entering the organization easily.By receiving an alert for anonymous link access, the organization can keep track of who is accessing sensitive data and take appropriate action if necessary.

Unusual Anonymous User File Activities

Based on requirements, users will share files or folders with anonymous users. Though admins allow anonymous sharing, they need to closely monitor the file modifications made by anonymous users to avoid misuse of SharePoint files. Get alerts on unusual anonymous user file activities in the organization to secure the data.

Alerts on SharePoint Online External File Activity

Unusual Volume of External File Sharing

Unusual External User File Access Activity

Unusual number of Site Invitations Shared to External Users

Unusual Volume of External File Sharing

Files shared with external users or domains are necessary if we have external site members. But when the file-sharing becomes more than usual, admins need to check and ensure that only the required files are shared outside the organization. Admins can take instant steps by getting unusual external file-sharing alerts.

Unusual External User File Access Activity

It is usual to allow external users to access SharePoint Online files for various purposes. But there is a possibility of data theft or attacks on the files when file access becomes unusual. To protect sensitive content, admins need to ensure that the file accesses have happened only for valid organizational purposes. Getting 'unusual external user file access' alerts will help admins address unusual file access by external users and take necessary actions immediately.

Unusual number of Site Invitations Shared to External Users

When an external user has access to the site, they can access the site contents and files and modify them based on the given permission. It may lead to illegal use of site content, unnecessary file access, and modifications. So, when the site invites shared to external users become more than usual, admins should check and enquire about it with the respective user. Using the AdminDroid alerts, admins can get notified about site invitations shared with external users in the organization.

Alerts on SharePoint Online File Activity

Unusual Volume of File Deletions

Accessed SharePoint Files

SharePoint DLP Rule Matched Documents

Unusual Volume of File Deletions

Bulk file deletion might be due to insufficient storage in the respective site. On the other hand, we need to address whether the user who deletes the file will leave the organization soon or is an external user to prevent data misuse. Get alerts on unusual SharePoint file deletion activity happening in the organization.

Accessed SharePoint Files

As the organizationsā€™ confidential data has stored in the SharePoint Online files, users may exploit it. So, admins need to observe the SharePoint file access activity periodically. Using the SharePoint file access alert, admins can know the file accesses in the organization.

SharePoint DLP Rule Matched Documents

The Data Loss Prevention rules are used to check whether the configured sensitive content is available in the files shared in SharePoint Online. When a rule match occurs for any document, admins should look into this to prevent the loss of sensitive content like credit card numbers, SSNs, etc. Getting alerts on DLP rule-matched documents helps to identify the activity and protect the data immediately.

Show All