SharePoint Online: Find Permission Changes using Audit Reports

Requirement: Get all permission changes in a SharePoint Online site collection.

Auditing permission changes is critical for SharePoint Online security. Audit reports provide a permission changes report that tracks security changes such as modifications to permissions, permission inheritance, group membership, and other security-related events.
Update: SharePoint Online site collection audit logs are disabled and can't be accessed from either the Web UI or CSOM methods! Instead, you have to use the Unified Audit Logs from Compliance Center: How to View SharePoint Online Audit Log from Security & Compliance Center?
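The same unified audit log can also be queried from PowerShell. The script below is an added example, not part of the original post: it pulls permission-related SharePoint events for one site and exports them to CSV. It assumes the ExchangeOnlineManagement module is installed, audit logging is enabled for the tenant, and the signed-in account is allowed to search the audit log; the site URL, the 7-day window, the output path and the selection of operations are placeholders to adjust.

```powershell
# Added example: requires the ExchangeOnlineManagement module and an account
# that is permitted to search the unified audit log.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Assumptions: placeholder site URL and a 7-day look-back window.
$SiteUrl   = "https://contoso.sharepoint.com/sites/example"
$StartDate = (Get-Date).AddDays(-7)
$EndDate   = Get-Date

# Permission-related SharePoint operations recorded in the unified audit log.
$Operations = @(
    "SharingInheritanceBroken", "SharingInheritanceReset",
    "PermissionLevelAdded", "PermissionLevelModified", "PermissionLevelRemoved",
    "AddedToGroup", "RemovedFromGroup",
    "GroupAdded", "GroupRemoved",
    "SiteCollectionAdminAdded", "SiteCollectionAdminRemoved"
)

# Page through the results: repeat the same search with the same session id
# until no more records come back.
$SessionId = [Guid]::NewGuid().ToString()
$Records   = @()
do {
    $Batch = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate `
        -Operations $Operations -SessionId $SessionId `
        -SessionCommand ReturnLargeSet -ResultSize 5000
    if ($Batch) { $Records += $Batch }
} while ($Batch)

# AuditData is a JSON string; keep only events whose target is under the site.
$Report = foreach ($Record in $Records) {
    $Data = $Record.AuditData | ConvertFrom-Json
    if ($Data.ObjectId -like "$SiteUrl*") {
        [PSCustomObject]@{
            TimeUtc   = $Data.CreationTime
            User      = $Data.UserId
            Operation = $Data.Operation
            Object    = $Data.ObjectId
            Target    = $Data.TargetUserOrGroupName
            Details   = $Data.EventData
        }
    }
}

$Report | Sort-Object TimeUtc |
    Export-Csv -Path ".\PermissionChanges.csv" -NoTypeInformation
```

Not every operation populates every column; for example, Target is empty for events that do not involve a user or group.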
Step 1: Activate "Reporting" feature for the Site Collection
Activate the "Reporting" feature if it's not activated already.
  • Navigate to "Site Settings" >> Under "Site Collection Administration", Click on "Site collection features"
  • Click on "Activate" button next to "Reporting" 

Step 2: Configure Audit Settings for Permission Changes
The next step is to enable auditing of security changes. Here is how to enable auditing for permission changes in SharePoint Online:
  • Create a new document library to store audit logs
  • Go to "Site Settings" >> Click on "Site collection audit settings" >> Enable "Editing Users and Permissions" events to audit under the "List Libraries and Sites" settings.

Step 3: View Audit Logs
To view all audit logs of security changes:
  • Go to "Site Settings" >> Click on "Audit log reports" under "Site Collection Administration"
  • Click on the "Security Settings" report to view all permission changes made in your SharePoint Online site collection
  • Specify the report location and Click on "OK" to run the report.
