SharePoint: Find Permission Changes using Audit Reports

Requirement: Get all permission changes in a SharePoint site collection.

Auditing permission changes are critical for SharePoint Online security. Audit reports provide permission changes reports to track changes to security such as modifications to permissions, permission inheritance, group membership, and security-related events. This blog post will show you how to find permission changes in SharePoint using the audit log report. This report will help you track and monitor permission changes to your SharePoint site.

Update:SharePoint Online Site Collection audit logs are disabled and can’t be accesssed from both Web UI and CSOM methods! Instead, you have to use the Unified Audit Logs from Compliance Center: How to View SharePoint Online Audit Log from Security & Compliance Center?

Step 1: Activate the “Reporting” feature for the Site Collection

Activate the “Reporting” feature if it’s not activated already.

  1. Navigate to “Site Settings” >> Under “Site Collection Administration”, Click on “Site collection features”
  2. Click on “Activate” button next to “Reporting” 

Step 2: Configure Audit Settings for Permission Changes

The next step is to enable security changes to flag for auditing. Here is how to enable audit for permission changes in SharePoint:

  1. Create a new document library to store audit logs
  2. Go to “Site Settings” >> Click on “Site collection audit settings” >> Enable “Editing Users and Permissions” events to audit under the “List Libraries and Sites” settings.
    audit permission changes in sharepoint online

Step 3: View Audit Logs

To view all audit logs of security changes, 

  1. Go to “Site Settings” >> Click on “Audit log reports” under “Site Collection Administration”
  2. Click on the “Security Settings” report to view all permission changes made in your SharePoint Online site collection
  3. Specify the report location and click on “OK” to run the report.
    sharepoint online security audit

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

One thought on “SharePoint: Find Permission Changes using Audit Reports

  • I would highly encourage the author to confirm these settings still exist in their SharePoint Online tenant. I believe as of August, 7th 2023 this is no longer available.


Leave a Reply

Your email address will not be published. Required fields are marked *