SharePoint: Find Permission Changes using Audit Reports

Requirement: Get all permission changes in a SharePoint site collection.

Auditing permission changes is critical for SharePoint Online security. Audit reports provide permission changes reports to track changes to security such as modifications to permissions, permission inheritance, group membership, and security-related events.

Update:SharePoint Online Site Collection audit logs are disabled and can’t be accesssed from both Web UI and CSOM methods! Instead, you have to use the Unified Audit Logs from Compliance Center: How to View SharePoint Online Audit Log from Security & Compliance Center?

Step 1: Activate the “Reporting” feature for the Site Collection

Activate “Reporting” feature if it’s not activated already.

  • Navigate to “Site Settings” >> Under “Site Collection Administration”, Click on “Site collection features”
  • Click on “Activate” button next to “Reporting” 

Step 2: Configure Audit Settings for Permission Changes

The next step is to enable security changes to flag for auditing. Here is how to enable audit for permission changes in SharePoint:

  • Create a new document library to store audit logs
  • Go to “Site Settings” >> Click on “Site collection audit settings” >> Enable “Editing Users and Permissions” events to audit under the “List Libraries and Sites” settings.
    audit permission changes in sharepoint online

Step 3: View Audit Logs

To view all audit logs of security changes, 

  • Go to “Site Settings” >> Click on “Audit log reports” under “Site Collection Administration”
  • Click on the “Security Settings” report to view all permission changes made in your SharePoint Online site collection
  • Specify the report location and click on “OK” to run the report.
    sharepoint online security audit

Salaudeen Rajack

Information Technology Professional with Two decades of SharePoint Experience.

Leave a Reply