This is part of an ongoing series of Office 365 Best Practices which should in place for every organization – big or small, business or charity.
The Audit Log is a tool that tracks all user and admin account activity for 90 days – with the right licensing, it can keep even track activity up to one year. Most organizations should have this turned on, with the exception of large enterprise deployments which use an API to funnel logs elsewhere. Being able to track user/admin activity is key to investigating anamolies and possible incidents of exploitation or user misbehavior.
Turning this on is extremely easy:
1. Sign in to Protection.Office.com.
2. Select Search, then Audit Log Search.
3. If audit logging isn’t already on, you’ll see a banner asking if you want to turn it on:
…and, that’s it! Audit Logging is now activated, and you can easily track user activity. Happy auditing!