Office 365: Search audit log properties documented

A brief not to administrators of Office 365 environments dealing with search audits. The results of a search audit log from the Office 365 Security & Compliance Center can be exported and saved as a CSV file. Microsoft recently documented the property values in the export file.


Advertising

Do you need to find out whether a user has viewed a particular document or removed an item from their mailbox? You can use the Office 365 Security & Compliance Center to search the unified audit log for user and administrator activity in your Office 365 organization. Microsoft has published details in Search the audit log in the Office 365 Security & Compliance Center.

If you export the results of such an audit log search from the Office 365 Security & Compliance Center, you have the option to download all results that match your search criteria. All results (the raw data) for an audit log search are copied to a Comma Separated Value (CSV) file during export. This file contains additional information from the audit log entry in a column named Detail. This column contains a multi-value property for multiple properties from the audit log record. Each of the property:value pairs in this multi-value property is separated by a comma. But what is the meaning of these entries? I have become aware of a document through a tweet, which contains exactly this information.

This Microsoft document describes the properties contained in the Multi-Property Detail column, depending on the Office 365 service in which an event occurs. The Office 365 service that contains this property column displays the service and type of activity (user or administrator) that contains the property. For detailed information about these properties or properties that might not be listed in this topic, see Office 365 Management Activity API-Schema.


Advertising

This entry was posted in Office and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).