SharePoint Audit Logs: How to View and Keep Them
What Are SharePoint Audit Logs?
One of the most popular Document Management Systems available today is Microsoft's SharePoint Online. One reason organizations across the globe use SharePoint is its auditing features.
SharePoint audit logs are detailed records that track user activities and system events across your SharePoint environment. These logs provide insight into how the people who use SharePoint as their information management system interact with documents, lists, libraries, and sites.
Microsoft SharePoint Audit logs can capture events such as:
- File and folder activity
- Permissions changes
- Site administration activities
- Search queries
- User logins and logouts
Why Are SharePoint Audit Logs Important?
SharePoint Audit logs are far more than a technical feature. They are a critical tool for ensuring organizational accountability, data security, and compliance.
There are a few important reasons why you should preserve your SharePoint Audit Logs:
- Meet Regulatory and Compliance Requirements:
  Many industries are subject to stringent regulations requiring organizations to track and retain records of user activity. Examples include:
  - FDA (Food and Drug Administration) in the USA
  - GDPR (General Data Protection Regulation) in the EU.
  - HIPAA (Health Insurance Portability and Accountability Act) for healthcare in the U.S.A.
  - SOX (Sarbanes-Oxley Act) for financial reporting.
  - Law 25 in Quebec, Canada
- Enhance Security and Detect Suspicious Activity:
  Cybersecurity threats, whether internal or external, pose a constant risk to organizational data. SharePoint Audit logs allow administrators to:
  - Monitor unauthorized access
  - Track unusual patterns
  - Trace security breaches
- Support Internal Investigations and Accountability:
  Internal incidents, such as accidental data deletion or unauthorized access, can be difficult to investigate without a clear activity trail. SharePoint Audit logs provide the visibility needed to:
  - Resolve disputes over who accessed or modified a file.
  - Identify users responsible for accidental or malicious actions.
  - Promote accountability among employees and system administrators.
SharePoint Audit Logs
- Track which user performed which action.
- Run reports to be aware of user activity.
- Stay compliant with industry and regulatory standards.
- Detect suspicious activities.
How Long Should You Keep Audit Logs?
The duration for which you retain audit logs depends on organizational needs, industry regulations, and storage capacity. Some regulations and industries require logs to be retained for years. For example:
- Clinical Trial Records (21 CFR Part 312 and Part 812):
  - Clinical trial records, including data collected electronically, must be retained for 2 years after the FDA approves a marketing application or 2 years after the trial is discontinued. The FDA oversees clinical trials to ensure they follow GxP regulations.
- Drug Manufacturing Records (21 CFR Part 211):
  - Batch production records must be retained for at least 1 year after the expiration date of the drug product.
  - For certain APIs or intermediates, records may need to be kept for up to 7 years.
- Medical Device Records (21 CFR Part 820):
  - Records related to the design history file (DHF), device master record (DMR), and quality system records must be retained for the lifetime of the device or at least 2 years after the device is no longer manufactured.
- HIPAA Retention Limits:
  - The HIPAA Security Rule mandates that covered entities and business associates routinely review records of information system activity. This review involves analyzing access reports and audit logs. Since access reports and audit logs play a critical role in informing any new procedures implemented based on the review, they must be retained for at least six years.
How can you view your SharePoint Audit Logs?
To view SharePoint Audit Logs, organizations can use the Microsoft Purview Portal. Advanced filtering and export capabilities are also available.
Note that Microsoft only keeps those audit log records for a short period of time depending on your licensing with Microsoft. With an E3 license, your audit logs are only kept for 180 days. With an E5 license, your audit logs are only kept for 1 year. After that, that audit history is gone.
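One way to copy records out before they age out of that retention window, shown as an added example (it is not from this page and is not how Audit Vault works): a PowerShell loop over the `Search-UnifiedAuditLog` cmdlet from the ExchangeOnlineManagement module. The archive path, the number of days and the file naming are assumptions chosen for illustration.

```powershell
# Added example: copy recent SharePoint audit records to daily JSON Lines files.
# Assumes the ExchangeOnlineManagement module and an account allowed to search the audit log.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$ArchiveDir  = 'C:\AuditArchive'    # hypothetical archive location
$DaysBack    = 7                    # hypothetical: how many full days to export
$RecordTypes = 'SharePoint', 'SharePointFileOperation',
               'SharePointSharingOperation', 'SharePointListOperation'
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

$today = (Get-Date).ToUniversalTime().Date
foreach ($offset in $DaysBack..1) {
    $start   = $today.AddDays(-$offset)
    $end     = $start.AddDays(1)
    $outFile = Join-Path $ArchiveDir ('sharepoint-audit-{0:yyyy-MM-dd}.jsonl' -f $start)
    if (Test-Path $outFile) { Remove-Item $outFile }   # re-runs replace, never duplicate
    $total = 0

    foreach ($type in $RecordTypes) {
        # A session id lets the service page through large result sets.
        $session = "archive-$type-$([guid]::NewGuid())"
        do {
            $page = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
                        -RecordType $type -SessionId $session `
                        -SessionCommand ReturnLargeSet -ResultSize 5000)
            if ($page.Count -gt 0) {
                # AuditData holds the full event as a JSON string, one per record.
                $page.AuditData | Add-Content -Path $outFile -Encoding UTF8
                $total += $page.Count
            }
        } while ($page.Count -gt 0)
    }

    if ($total -gt 0) {
        # Store a hash beside each file so later tampering or truncation is detectable.
        $hash = (Get-FileHash -Path $outFile -Algorithm SHA256).Hash
        "$hash  $(Split-Path $outFile -Leaf)" | Set-Content -Path "$outFile.sha256"
    }
    Write-Output ('{0:yyyy-MM-dd}: {1} records' -f $start, $total)
}
Disconnect-ExchangeOnline -Confirm:$false
```

A single `ReturnLargeSet` session returns at most 50,000 records, so a day busier than that for one record type needs a narrower time window per query.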
Organizations wishing to preserve those logs for a longer period use Audit Vault for M365.
Audit Vault for M365 for SharePoint Audit Logs
ECM Insights Audit Vault for M365 will preserve your SharePoint Audit Logs for as long as you need them so your organization can avoid risk and stay regulatory compliant. With Audit Vault for M365, your SharePoint System becomes:
- Industry and Regulatory Compliant:
  - Audit Vault supports long-term retention of your SharePoint Audit Logs. Your logs are kept for as long as you need, so you can meet the retention requirements of your industry and organization.
  - SharePoint Audit Logs can be searched and exported using Audit Vault's advanced reporting solution. Reports are easier to use and access than Microsoft's Purview portal.
- More Secure:
  - With Audit Vault, users can search for threats and detect unusual activities, such as failed logins and bulk deletions, in your SharePoint environment.
  - Scheduled Threat Monitoring can be enabled to ensure that any suspicious activity is detected as soon as possible.
- Accountable:
  - Run SharePoint Audit Log Reports to identify users responsible for accidental or malicious actions.
  - Run reports to determine what changes have been made to site permissions.
Get Audit Vault for M365 Today!
Don’t wait until it’s too late to preserve your SharePoint audit logs. Start a 14-day free trial today and see how Audit Vault for M365 can help you safeguard your SharePoint environment and become regulatory compliant.