Back
Office 365

Auditing, reporting and storage improvements for SharePoint Online and OneDrive for Business

Share on Facebook Share on Twitter Share on Linkedin Share via OneNote Share via Email Print

Knowing who is taking action on content can be critical in helping your organization fulfill its compliance requirements. And as usage of a cloud service grows, it’s key for IT to strike the right balance between visibility and user enablement. Today, we’re announcing an important update for admins—the ability to audit and report on numerous activities that take place within SharePoint Online and OneDrive for Business, as well as new file size limits for files uploaded to SharePoint Online and OneDrive for Business.

Let’s dive into the details.

Auditing and reporting across numerous user and admin activities

Previously, we’ve announced a set of investments in auditing and reporting across several Office 365 services. We’ve now started to roll out some of these capabilities in the reports section of the Office 365 Compliance Center, including auditing and reporting on user and admin activities logged from SharePoint Online and OneDrive for Business, and the ability to view activities in Azure Active Directory (the directory service for Office 365) and Exchange Online.

From the Reports tab in the Compliance Center, you can create activity reports by clicking Start recording user and admin activities. Activities include file and folder actions such as view, create, edit, upload, download and delete; sharing actions like invitation and access requests; and synchronization activity. Reports can be tailored by user or by file within a specific date range. They could be used for instances like a compliance review where an admin or compliance officer needs to understand actions taken by one or more individuals within their OneDrive for Business or the actions taken by all people on a specific file in a SharePoint Online document library.

From the Office 365 Admin Center, open the Compliance Center and click the Reports tab to access the Office 365 activity reporting tool.

Currently, audit history is retained for 90 days and admins can export results to a CSV file for additional reporting in Excel. Auditing data can also be consumed using the Office 365 Management Activity API (now generally available), which provides a consistent schema across all activity logs and allows organizations and ISVs to integrate Office 365 audit data into their security and compliance monitoring and reporting solutions.

Learn more about how to search the audit log (includes information that describes all activities that are audited in Office 365). In future releases in Q2 of this year, we’ll be introducing new usage analysis reports that allow admins to see key metrics such as number of active users, total number of files and total storage consumed as well as drill into OneDrive usage for individual users.

Upload larger files, up to 10 GB each

In addition to the new auditing and reporting capabilities, we’re also increasing the per file size limit to 10 GB. This applies to files uploaded to Team Sites, Office 365 Groups and OneDrive for Business, as well as for videos uploaded into the Office 365 Video portal. Office 365 customers no longer need to leave big files stranded on file shares and local hard drives.

Improvements for SharePoint Online and OneDrive for Business 2b

Example of a large CAD file successfully uploaded into a Team Site Document Library in SharePoint Online.

Improvements for SharePoint Online and OneDrive for Business 3b

Example of a large Photoshop image file successfully uploaded to OneDrive for Business.

1 TB additional space for overall pooled SharePoint Online storage allocation

The amount of content in Office 365 is growing 300 percent year over year. To meet your needs for more storage, we’re increasing default storage to 1 TB plus 0.5 GB per user to use across SharePoint Online, Office 365 Groups and Office 365 Video—up from the previous allocation of 10 GB. This is in addition to the unique default per-user OneDrive for Business storage space and individual storage provided for user email inboxes. Office 365 customers on our premium Enterprise, Government and Education plans will receive OneDrive for Business unlimited storage, and we’re pleased to announce that the first stage of providing 5 TB for each user is now complete.

Customers with cloud hybrid search configured now get rights to index one-million items from on-premises SharePoint per each 1 TB of pooled storage. Items indexed in SharePoint Online are already covered within a customer’s Office 365 investment. (Learn more about hybrid search in SharePoint.)

And if you need more storage beyond default allocations, you can purchase additional storage from within the SharePoint Online admin center on a per-gigabyte (GB), per-month basis. You can manage pooled storage per the new usage storage model. All of the above updates are covered in more detail in the SharePoint Online: software boundaries and limits article.

Note: Kiosk and external users do not contribute to the overall tenant storage pool.

Additional service updates

We’ve also made related updates that improve discovery and navigation of your SharePoint intranet, and how email notifications are sent during share- and alert-type actions. These updates include:

  • Sites page refresh—The Recommended Sites have been vastly improved with intelligence from the Office Graph, and you now see Recent Sites listed, making it easier to find sites and portals in Office 365.
  • Exchange Web Services and Exchange Online Protection (EOP)—Now, emails for user-generated actions in SharePoint Online, like when a document is shared, are sent mail from the user’s Exchange Online mailbox, making delivery more reliable and resulting in fewer of these emails landing in the spam folder. For more details, read this article.

Improvements for SharePoint Online and OneDrive for Business 4be

The Office 365 Sites tile now shows Recent Sites and Recommended Sites powered by the Microsoft Graph alongside Promoted Sites managed by admin and Followed Sites selected by users.

We welcome feature requests and feedback via the Office 365 UserVoice, @SharePoint and @Office365 on Twitter and in the comments below. We’re eager to hear your feedback and use it to provide the best experience possible.

—Mark Kashman, senior product manager for the Office 365 team

Frequently asked questions

Q. Do the new auditing and reporting capabilities require a specific Office 365 configuration?

A. In order to use the auditing and reporting capabilities, customers must have Exchange Online.

Q. Does OneDrive for Business offer the ability to control auditing and reporting by country or by tenant?

A. Currently Office 365 auditing and reporting is available at a per-tenant level only. There are no customer-facing controls yet to target by geography.

Q. When can I expect to see these changes applied to my Office 365 tenant?

A. Beginning today, these changes are rolling out to eligible Office 365 business customers worldwide. We expect to be at 100 percent rollout within the coming weeks.

Q. Which Office 365 plans will receive the 1 TB default storage SharePoint Online improvement?

A. Office 365 plans that include SharePoint Online will receive 1 TB of default storage across enterprise, education and government plans.

Top

Join the conversation

31 comments
  1. “Activities include file and folder actions such as view, create, edit, upload, download and delete”

    I’m surprised to see “view” in this list. This was explicitly not part of auditing in SharePoint Online as far as I knew. In addition, View does not show in the Audit Log Search screen shot.

    • Hi Kirk,

      It is there as “Viewed file;” lower right of the ‘files and folder’ activities section. And if you ask me, which here in comments with me as the post author you kinda are (lucky you ;)), ‘view’ activities have been one of the most oft requested activities from admins to be able to track in SPO and ODB. You are right, this was explicitly not possible until this Compliance Center update. Change is good, yes? 🙂

      Thx,
      Mark

      • Hello Mark,

        Just to confirm: It won’t require the organization to activate/turn on auditing on each site collection (since that is the old way of auditing – limited to the other activities as mentioned).

        Meaning if I activate searching audit logs at the tenant level all the view activities for SharePoint files is surfaced (for 90 days) in this method? Regardless of individual site collection audit settings?

        P.S. – We are already consuming this data with our customers in interesting ways (even with only a few hours worth so far). 🙂

        Thank you,
        Richard

        • Correct. If you visit protection.office.com for the first time, you’re asked once to click “Start recording user and admin activities” which activates the feature; note: protection.office.com is a current short link to get to the “Audit log search” as pictured in the blog above, and found under the “Search & Investigation” drop-down; there are a few entry points to get to this portion of the Compliance Center.

          Enjoy the consumption; data tastes good, and is very nutritious!

          This is not the /_layouts you are looking for ;),
          Mark

      • Mark, thanks for the clarification and pointing out what I had missed.

  2. Hello Mark,
    What permissions are needed to view audit logs?

    • You would need to have access to the Office 365 admin center, the gateway to the Compliance Center.

  3. Is site collection auditing still available via /_layouts/15/auditsettings.aspx?
    If so is view going to be available via /_layouts/15/auditsettings.aspx?

    • Hi bcd15a3a8e1cffac,

      To your first question: yes, site collection audit settings via _/layouts is in production and supported.

      To your second question, no. Our current thinking and planning is that auditing and reporting innovation/investments are being centralized in the Compliance Center.

      Thanks,
      Mark

      • Hi Mark,

        Very excited to see the progress being made on analytics in the SharePoint/OneDrive space. While the reporting from the central admin perspective is critical for enterprise auditing and reporting, we frequently receive requests from individual site owners looking for information on their site usage and auditing. We’d like to put this capability in the hands of our users (versus them coming to IT for reports), secured to the analytics for only the sites where they are owners (Full Control).

        Do you see this use case for site owners as part of your future roadmap with auditing/reporting or something companies will have to develop on their own via the published APIs?

        Thanks,
        Shawna

        • Hi Shawna,

          We do think there is a balance of what a site admin can request from the tenant admin, from a reporting pov, and that there, too, is an area of consideration for how the site owner has specific information about activity within their own site, and that they can access with without request reports out of the Compliance Center.

          We’ll have more to say in this space in the coming months. Thanks for the insights into your needs. This helps validate planning and articulate real use cases/requirements.

          Thanks,
          Mark

          • Thanks for the quick and open response Mark. Will look forward to future announcements as the features continue to evolve.

  4. Hello Mark,

    Under the heading “Additional service updates”, you write about user-generated actions now send emails via the Exchange mailbox associated with the user rather than a generic address. For starters, I think that is great news. I would like to know if this change applies to OneDrive for Business sharing? I clicked the KB article to get some more information and it only mentions SharePoint Online throughout the article. However, at the very end, it also states that the KB article applies to OneDrive for Business. Can you add some clarification surrounding this change?

    Thank you,

    Phil

    • Hi Phillip,

      Yes, this does apply to OneDrive for Business. OneDrive for Business is built on top of SharePoint Online and benefits. A share from OneDrive for Business will send an email from the user, not SPO, improving the overall sharing experiences, visibility to your actions and more.

      Hope that helps.

      – Mark

      • How will we know that the tenant has been upgraded with the 10GB file limit?

        cheers

        dave

        • Hi David,

          There is not a visual cue. And we’ve fully rolled this feature out into production (new and existing), so you should have it yesterday :-).

          Thx,
          Mark

      • Thank you, Mark! I’m glad to hear that! This is great news. 🙂

  5. SharePoint Online 1TB does not comes with Business Essential and Business Premium?

    • Hi Jen,

      In fact it does. With Office 365 Business Essentials/Premium, the SharePoint Online component is based on a single site collection, of which has a max capacity of up to 1TB. And per this update, we are providing this amount of pooled storage that is ready to use as you need it. No matter what you do within the site collection (store documents, create lists, create subsides, etc), you’ll have up to 1TB now to work with.

      Hope that helps,
      Mark

  6. Mark

    With regards to OneDrive for business auditing. Is there a way to turn this on via powershell or the GUI for the entire org? I know how to enable it for any user specifically in the site settings, however in a large environment, having to manually go to each users site to enable could be quite cumbersome.

    As quick test I looked at the auditing report for my org and only see the one user who I manually enabled, but not the remaining users.

    Thank you

    • Hi Aaron,

      If you perform the search from the Compliance Center, and you have turned on auditing and reporting, you will be able to search all users’ OneDrive for Business repositories by default, as long as you leave the “Users” text box blank within the “Audit log search” – more here: https://support.office.com/en-US/article/Search-the-audit-log-in-the-Office-365-Protection-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c

      The method you describe in site settings refers to the capabilities per site collection, which is not what is described above in the article. The Compliance Center enables the broader scope across people and storage locations for you, and can be scoped down to certain people or places per filtered search.

      Hth,
      Mark

  7. When will be able to get auditing reports for changes made to the O365 Admin Center and other Service Admin Centers, i.e, it would be good to know which admin made changes such as creating a SharePoint Site collection or choosing the O365 Theme.

    • Hi DLGross,

      We do plan to go beyond site actions admins take on site collections and more; actions at the tenant level. We don’t have dates to share, but it is high on our list of additional activities to enable customer auditing and reporting. Thanks for the feedback. I shared this with our engineering teams and they were excited to receive more proof points on where to prioritize future plans and resourcing.

      As of today, you will find numerous site admin audit capabilities within the “Search the audit log in the Office 365 Protection Center” article: https://support.office.com/en-US/article/Search-the-audit-log-in-the-Office-365-Protection-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c#siteadminactivities; and as capabilities are added, you will find details and guidance at this same location.

      Cheers,
      Mark

  8. Is there any place to find version history of SharePoint online?

  9. Are there any plans to allow central monitoring of OneDrive for Business client health? It would be great to be able to easily identify when there are OnceDrive for Business sync issues on users PC’s. We have had cases where the sync has stopped working on some users PC’s for a number of months and is only noticed when a member of IT happens to use their PC.

  10. Hi Mark and team,

    Is there any clarity about whether one or *all* users are required to have EOL licenses and/or mailboxes in order to use the auditing and reporting capabilities mentioned above?

    Thanks!
    Ben

    • Yes, at this time, it is required for users to have an Exchange Online license.

Comments are closed.