SharePoint Online auditing tool

A SharePoint admin or Global admin must protect the organization's files and data from various threats and harmful attacks. Due to hybrid work practices all over the world, the need for sharing files has increased. Therefore, hackers may find it easy to steal data in various ways. Periodic monitoring of user permissions to site contents, sharing and access, file activities, and DLP actions will help protect the organization's data. AdminDroid SharePoint Online Auditing tool provides far-reaching details at their fingertips. With its advanced features, auditing every activity happening in the organization becomes a piece of cake for admins. Also, they can finely slice and dice the data for analysis, schedule reports for periodic monitoring, get alerts for suspicious activities, etc.

Live Demo

Download

SharePoint Online Auditing

SharePoint Site Collections and Groups Site Collections Created Site Collections Added Site Collection Admin Removed Site Collection Admin Requested Site Admin Permissions SharePoint Groups Created Groups Updated Groups Deleted Groups Added User or Group to SharePoint Group Removed User or Group from SharePoint Group Added External User to SharePoint Group Removed External User from SharePoint Group

SharePoint Online Sharing and Access Access Requests Created Access Requests Accepted Access Requests Denied Access Requests All Access Request Events Sharing Invitations Created Sharing Invitations Accepted Sharing Invitations Revoked Sharing Invitations External Sharing Invitations All Sharing Invitation Events Company Links Created Company Shareable Links Removed Company Shareable Links Access Used a Company Shareable Links All Company Shareable Link Events Anonymous Links Created Anonymous Links Removed Anonymous Links Updated Anonymous Links Accessed Anonymous Links All Anonymous Link Events User Shares Shared File, Folder, or Site Unshared File, Folder, or Site

SharePoint Online File and DLP Activities File Activities Accessed Files Admins Accessed Files Modified Files Uploaded Files Downloaded Files Admins Downloaded Files Renamed Files Copied Files Moved Files Deleted Files Restored Files Previewed Files Admins Previewed Files Library Activities All File Activities by Admins All SharePoint File Activities DLP Actions SharePoint DLP Rule Matches DLP Rule Undo All DLP Actions

SharePoint Folder and Page Activities Folder Activities Created Folders Modified Folders Renamed Folders Moved Folders Copied Folders Deleted Folders Restored Folders All Folder Activities Page Activities Viewed Pages External User Page Activities All Page Activities

Site Collection Memberships & Group Memberships Auditing

Microsoft recommends that the high-priority SharePoint privileges like site admins and group owners are assigned to the minimal number of users only based on the requirements. Thus, admins should always have an eye on the site admin and group membership changes.

Beware of site collection admin rights and group owner rights assigned to users to prevent privileged access from falling into the wrong hands.

Get to know the changes made in the site collection admins, group owners, admin change requests, external user additions and removals, etc., using AdminDroid.

Explore More

Site Collection Memberships & Group Memberships Auditing

SharePoint Online Sharing & Access Auditing

SharePoint admins should track the anonymous link sharing and access that happened in the organization to avoid data theft. Thereby, admins can change the external sharing setting to protect data for a site or an entire organization.

AdminDroid lends a hand to track SPO data sharing and access like external user invites, access request approvals, company links and anonymous links access, and much more.

Keep your eyes on the sharing and access activities in SharePoint Online to safeguard your data from any threats. Tracking the details helps to restrict sensitive data leakage, and admins can customize the reports to analyze the required data.

Explore More

SharePoint Online Files & DLP Activity Auditing

Securing sensitive information like credit card numbers, SSNs, and passport numbers are prominent while sharing content using SharePoint. So, admins can protect sensitive info using DLP policy configurations.

Pay attention to SharePoint Online file activities and Data Loss Prevention actions to shelter sensitive data from various attacks or threats.

AdminDroid assists you in examining the file downloads, file deletions, file accesses, DLP rule matches, etc. Getting admin’s file activities separately is a trump card of this tool.

Explore More

SharePoint Online Files & DLP Activity Auditing

SharePoint Online Folders & Page Activity Auditing

As the guests have unlimited access to files & folders in a SharePoint site, it needs to be addressed and controlled by the admins. It might lead to malicious files uploading into the folders. To avoid such attacks, admins need to keep track of folder and page activities.

Keep tabs on the SharePoint Online folder and page activities to manage unnecessary folder accesses efficiently.

Look into the renamed folders, deleted folders, moved folders across sites, copied folders, restored folders, viewed pages, and external user page activities using crystal-clear details, and insightful charts in AdminDroid.

Explore More

Alerting for SharePoint Online

Get warned about offensive activities done by the users in the SharePoint Online environment to prevent data leakage and threats, as users have the ability to share files with insiders and outsiders of the organization. AdminDroid provides several default alert policy templates that are ready to use, making it easier for administrators. Additionally, admins can configure custom alert policies based on the company's specific requirements.

Default Alert Policy Templates

AdminDroid provides 48 ready-to-use alert policy templates for much-needed audit activities with required conditions. Find the default alert templates for SharePoint activities below.

Alerts on SharePoint Online Anonymous File Activities

Anonymous Link Creations

Anonymous link creations need to be observed by admins to know the details about who created the link, which file is shared, etc. AdminDroid’s anonymous link creation alerts let admins identify the activity instantly and verify that the link has been created only based on the requirements.

Unusual Volume of Anonymous Link Creations

When anonymous link creation becomes unusual, it may be a possibility for suspicious activities in the organization. It should be noticed and verified by the admins immediately. Using anonymous link creation alerts, admins can address suspicious activity instantly.

Resources Accessed Using Anonymous Links

Anonymous links are shared URLs that don't require authentication, so anyone with the link can access the file or folder. It may create a pathway for attackers entering the organization easily.By receiving an alert for anonymous link access, the organization can keep track of who is accessing sensitive data and take appropriate action if necessary.

Unusual Anonymous User File Activities

Based on requirements, users will share files or folders with anonymous users. Though admins allow anonymous sharing, they need to closely monitor the file modifications made by anonymous users to avoid misuse of SharePoint files. Get alerts on unusual anonymous user file activities in the organization to secure the data.

Alerts on SharePoint Online External File Activity

Unusual Volume of External File Sharing

Files shared with external users or domains are necessary if we have external site members. But when the file-sharing becomes more than usual, admins need to check and ensure that only the required files are shared outside the organization. Admins can take instant steps by getting unusual external file-sharing alerts.

Unusual External User File Access Activity

It is usual to allow external users to access SharePoint Online files for various purposes. But there is a possibility of data theft or attacks on the files when file access becomes unusual. To protect sensitive content, admins need to ensure that the file accesses have happened only for valid organizational purposes. Getting 'unusual external user file access' alerts will help admins address unusual file access by external users and take necessary actions immediately.

Unusual number of Site Invitations Shared to External Users

When an external user has access to the site, they can access the site contents and files and modify them based on the given permission. It may lead to illegal use of site content, unnecessary file access, and modifications. So, when the site invites shared to external users become more than usual, admins should check and enquire about it with the respective user. Using the AdminDroid alerts, admins can get notified about site invitations shared with external users in the organization.

Alerts on SharePoint Online File Activity

Unusual Volume of File Deletions

Bulk file deletion might be due to insufficient storage in the respective site. On the other hand, we need to address whether the user who deletes the file will leave the organization soon or is an external user to prevent data misuse. Get alerts on unusual SharePoint file deletion activity happening in the organization.

Accessed SharePoint Files

As the organizations’ confidential data has stored in the SharePoint Online files, users may exploit it. So, admins need to observe the SharePoint file access activity periodically. Using the SharePoint file access alert, admins can know the file accesses in the organization.

SharePoint DLP Rule Matched Documents

The Data Loss Prevention rules are used to check whether the configured sensitive content is available in the files shared in SharePoint Online. When a rule match occurs for any document, admins should look into this to prevent the loss of sensitive content like credit card numbers, SSNs, etc. Getting alerts on DLP rule-matched documents helps to identify the activity and protect the data immediately.

Alerts on SharePoint Online Anonymous File Activities

Anonymous Link Creations

Unusual Volume of Anonymous Link Creations

Resources Accessed Using Anonymous Links

Admins should keep an eye on files or folders accessed by anonymous users through anonymous links. It may create a pathway to attackers entering into our organization easily. Prevent the misuse of data by getting an alert when a file or folder is accessed using the shared anonymous links in the organization.

Unusual Anonymous User File Activities

Alerts on SharePoint Online External File Activity

Unusual Volume of External File Sharing

Files shared to external users or domains are necessary if we have external site members. But when the file-sharing becomes more than usual, admins need to check and ensure that only the required files are shared outside the organization. Admins can take instant steps by getting unusual external file sharing alerts.

Unusual External User File Access Activity

It is usual to allow external users to access the SharePoint Online files for various purposes. But there is a possibility of data theft or attacks on the files when file access becomes unusual. To protect sensitive content, admins need to ensure that the file accesses have happened only for valid organizational purposes. Getting 'unusual external user file access' alerts will help admins address the activity and take necessary actions immediately.

Unusual number of Site Invitations Shared to External Users

Alerts on SharePoint Online File Activity

Unusual Volume of File Deletions

Accessed SharePoint Files

As the organizations’ confidential data has stored in the SharePoint Online files, users may exploit the confidential data. So, admins need to observe the SharePoint file access activity periodically. Using the SharePoint file access alert, admins can know the file accesses in the organization.

SharePoint DLP Rule Matched Documents

The Data Loss Prevention rules are used to check whether the configured sensitive content is available in the files shared in SharePoint Online. When a rule match occurs for any document, admins should look into this to prevent the loss of sensitive content like credit card numbers, SSN, etc. Getting alerts on DLP rule-matched documents helps to identify the activity and protect the data immediately.

SharePoint Online Reporting

AdminDroid SharePoint Online reporting tool gives detailed reports on site collections, sites, site users, groups, lists, document libraries, SharePoint usage, and more.

Site Collections

Get detailed info on all SharePoint Online site collections, sharing configurations, and upgrade info in the organization.

Know more

SharePoint Online Sites

Obtain details on site creations, site sharing configurations, recycle bin disabled sites, custom site permissions, project web apps, etc.

Know more

Site Users

Analyze info on site users, guest users, site admins, and site owners in the tenant. Identify inactive site users based on last file access, file sync, external and internal share, and page access.

Know more

Site Collection Groups

Attain stats on SharePoint Online groups, empty groups, security groups, and group membership details.

Know more

Lists & Document Libraries

Have a look at SharePoint Online lists and document library details like hidden lists, inactive lists, empty libraries, IRM enabled, no versioning, custom permissions, and more.

Know more

Daily Activation Summary

Identify users’ daily activity like file activity, file accesses, file sync, internal and external file sharing, page visits, etc. Also, get daily site usage info like active files, page views, active sites, and site storage.

Know more