SharePoint: Find Permission Changes using Audit Reports
Requirement: Get all permission changes in a SharePoint site collection.
Auditing permission changes are critical for SharePoint Online security. Audit reports provide permission changes reports to track changes to security such as modifications to permissions, permission inheritance, group membership, and security-related events. This blog post will show you how to find permission changes in SharePoint using the audit log report. This report will help you track and monitor permission changes to your SharePoint site.
Step 1: Activate the “Reporting” feature for the Site Collection
Activate the “Reporting” feature if it’s not activated already.
- Navigate to “Site Settings” >> Under “Site Collection Administration”, Click on “Site collection features”
- Click on “Activate” button next to “Reporting”
Step 2: Configure Audit Settings for Permission Changes
The next step is to enable security changes to flag for auditing. Here is how to enable audit for permission changes in SharePoint:
- Create a new document library to store audit logs
- Go to “Site Settings” >> Click on “Site collection audit settings” >> Enable “Editing Users and Permissions” events to audit under the “List Libraries and Sites” settings.
Step 3: View Audit Logs
To view all audit logs of security changes,
- Go to “Site Settings” >> Click on “Audit log reports” under “Site Collection Administration”
- Click on the “Security Settings” report to view all permission changes made in your SharePoint Online site collection
- Specify the report location and click on “OK” to run the report.
I would highly encourage the author to confirm these settings still exist in their SharePoint Online tenant. I believe as of August, 7th 2023 this is no longer available.