Announcing new activity logging and reporting capabilities for Office 365

Today’s post was written by Ketaki Deshpande, senior program manager and Tom Kaupe, principal program manager, for Office 365.

As companies move their data to the cloud and employees use a growing number of devices to get their work done, many organizations are facing new challenges across security, privacy and compliance. That’s why we are continually investing to provide our customers with greater visibility into actions taken on their content and greater control over access to their data in Office 365.

We are pleased to announce the rollout of new activity logging and reporting capabilities for Office 365, including the Office 365 activity report, comprehensive logging capability, PowerShell command or cmdlet and a preview of the Office 365 Management Activity API.

Let’s take a look at how each new capability provides you increased transparency, allowing you to monitor and investigate actions taken on your data, and comply with laws and regulations.

Office 365 activity report

The Office 365 activity report enables you to investigate a user’s activity by searching for a user, file or other resource across SharePoint Online, One Drive for Business, Exchange Online and Azure Active Directory, and then download the activities to a CSV (comma separate values) file. You can filter by date range, user, file/folder and activity type. This feature is especially useful for compliance reporting purposes for companies that are in highly regulated industries such as pharmaceuticals and financial institutions. Please see the Frequently asked questions below for information on when you can expect to see this feature.

Please refer to the Run the Office 365 activity report article that gives you step-by-step instructions on how to use this report.

Announcing new activity logging and reporting capabilities for Office 365 1 v2

Comprehensive logging capability

User and admin activity events are logged across SharePoint Online, One Drive for Business, Exchange Online and Azure Active Directory. This is useful for helping to see what types of files a user has been sharing with others in the organization.

Today, you can search on over 150 events (with more coming soon), including file views, mailbox owner activity, Azure Active Directory log ins and many more. In the future, we plan to expand these capabilities to include activities in other Office 365 services, such as Yammer and Skype for Business.

Please refer to the Run the Office 365 activity report article for step-by-step instructions on how to retrieve this data.

Search PowerShell cmdlet

Another new way to search activity logs is with PowerShell, using the Search-UnifiedAuditLog cmdlet, which enables you to run scoped queries against the audit storage log, such as by date, record type, operation and file extension. This cmdlet also lets you export those logs to a file. For example you could run the following cmdlet to search user activity logs for all events from May 1, 2015 to June 26, 2015:

Search-UnifiedAuditLog -StartDate May 1, 2015 -EndDate June 26, 2015

Please refer to the Search-UnifiedAuditLog article to find out more about this cmdlet and how it can help you form scoped queries to get the data you are looking for.

Management Activity API

Finally, we’re excited to announce the preview of the Office 365 Management Activity API, which allows organizations and other software providers to integrate Office 365 activity data into their security and compliance monitoring and reporting solutions. Visit the Office Dev center to register for the preview. Participation is currently limited, but our goal is to incrementally open the preview to everyone who’s interested.

Also, check out these resources on MSDN to learn more about developing an app using the API:

  • Getting started guide, which walks you through the steps necessary for configuring your application in Azure Active Directory and obtaining admin consent to enable OAuth authentication.

If you have questions about the Activity API or OAuth configuration in Azure Active Directory, please ask your question on Stack Overflow and tag it “office365.”

These new logging and reporting capabilities represent just some of the enhancements we’re delivering to provide you with greater transparency and control over your data in Office 365. For more information about our trust principles and how we manage security, privacy and compliance, please visit the Office 365 trust center at trust.office365.com.

—Ketaki Deshpande and Tom Kaupe

Frequently asked questions

Q. When are these capabilities rolling out to Office 365 customers?

A. These capabilities will be rolling out starting this month. Please check the Office 365 public roadmap to get updates.

Q. How will I know when the new activity logging and reporting capabilities are available for my tenant?

A. Once the functionality rolls out, expect to see the Office 365 activity report link in the Reports section of the Admin Compliance Center. Please refer to the Run the Office 365 activity report article for help on how to use this report.

Announcing new activity logging and reporting capabilities for Office 365 2 v2