Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

6 thoughts on “SharePoint Online: How to View Audit Log Reports in Security & Compliance Center?

  • Hi there,
    Does anyone know the answers to these questions?:

    (i) In the output reports is UserKey – eg :”i:0h.f|membership|[email protected]” – does anyone know how to find the corresponding UserID on the Microsoft system, eg thru admin screens? Does anyone know what this UserKey is?

    (ii) for deleted items – eg SharePoint list columns, for example – how can you find out the display name for the item? The audit report shows the ObjectId (xxxxxxxx-exxx-xxx7-bxxx-ab3fxxxfaxxx). Thanks!

  • Hello – What are the minimum roles required to run Search-UnifiedAuditLog? Possibly Compliance Administrator or Security Administrator, or is Global Administrator required? Thank you

    • Apart from minimum roles like “View-Only Audit Logs”, “Global Reader”, etc. You can use the Graph API to get the Logs.

  • How can I fetch large result set audit log, it throws error : Starting a command on the remote server failed with the following error message : The
    I/O operation has been aborted because of either a thread exit or an application
    request. For more information, see the about_Remote_Troubleshooting Help topic.
    And reestablish the connect but in mean while it doesn’t return record for given time interval, I am trying to fetch record of 30 minutes interval for given start and end date, also retry mechanism is applied still getting random result count

  • I have to extract all events of a specific file.. Please help.

    • Use “ObjectIds” parameter with your file name. E.g:
      $AuditLog = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date).AddDays(+1) -Operations FileModified, FileAccessed, FileUploaded -ObjectIds -ResultSize 1000


Leave a Reply

Your email address will not be published. Required fields are marked *