Audit logs for OneDrive

Last week, a colleague asked me what possibilities of auditing that Onedrive has, but to be honest, no one likes being audited.

At the beginning, I was not sure about what to aswer, because I was sure that the Admin center has information about the tenant, but at the same time I was sure enough that the Admin center will not fulfil the requirements of the project.

I started digging into the O365, and I realize that exists and amazing feature called O365 audit log report inside the Compliance Center, it allows to seach the audit log to view user activity in the O365 organization, for example:

· User activity in SharePoint Online and OneDrive for Business

· User activity in Exchange Online (Exchange mailbox audit logging)

· Admin activity in SharePoint Online

· Admin activity in Azure Active Directory (the directory service for Office 365)

· Admin activity in Exchange Online (Exchange admin audit logging)

· User and admin activity in Sway

· User and admin activity in Power BI for Office 365

· User and admin activity in Yammer

If you want to know all the activities that you can select per category, visit: https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Protection-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US

Knowing how to audit your information, it is an important feature and skill. Therefore, I want to introduce you how to activate all this data:

Access to you O365 tenant, Inside the Admin, go to Security section:

od1

Then click on Office 365 audit report to access Audition and reports, take into account that before you are able to create new reports, you will need to activate the record. So, let’s begin:

od2.png

od3.png

And select “Turn On”

od4.png

Then, you will need to wait for some time… After this time, you will be able to create activity reports, with many other filters (like date range, folders, etc…)

od5.jpg

Currently, the audit history is retained for 90 days, I suppose that will be possible to tell MS to extend the audit log, but take into account that it is possible to export results to CSV.

Another wonderful feature, is to create activity alerts to automate process, imagine that you need to keep an eye on specific events, so you can execute a search, and then click on add an alert, you will need to specify a recipient for the alert

od6.jpg

Therefore, when the audit detects a match between the alert and an event, it will trigger an email to the recipient specified.

As you can imagine, there are other options to detect events from the compliance center, for example using the APIs of Office 365.

Hope it helps!!

Which version of OneDrive I am running?

As a user, probably one day you would ask this question to yourself, so I will explain how to know which version of OneDrive 4 Business you’re running.

First of all, you will need to go to “C:Program FilesMicrosoft OfficerootOffice16”

Take into account that the directory will change in case you are using the 32 bit version or if you have installed the SO in another language.

Try to locate the Groove.exe application, right click and select properties, navigate to details tab and you will see there the version you’re running:

groove.png

Also is it possible to do this by clicking Crtl+Shift+Esc, go to Details tab, click on Groove.exe, right click, Properties, details and you will see the same version as showed before. And then… compare if it the last version or if you need to update the client

Hope it helps!