Audit: overview

  • Last update on September 6th, 2023

Audit reports act as an exhaustive repository of audit data, chronicling user activities across a range of platforms such as SharePoint, Exchange, Thread Intelligence, Dynamics 365 CRM, Teams, Power BI, OneDrive, Active Directory, and CoreView.

This functionality becomes available once you agree to Microsoft API sharing during your subscription activation. The collection of audit information commences from the day of subscription activation.

The data is accessible for real-time viewing: as Microsoft monitors activities and provides data on them, CoreView simultaneously receives and internally tracks these activities.

The different Audit reports include:

Microsoft 365

The “Audit activities” for Microsoft 365 section offers a comprehensive report of all activities from the Unified Audit Log within your Microsoft 365 tenant. This report serves as an initial reference, which you can refine based on your specific investigation. For instance, you could generate a report detailing all actions undertaken by a particular user over the previous week. While only a subset of details for each event is displayed initially, you can access additional properties in the workload-specific reports.

 
 

Exchange

In the Exchange section, you will find comprehensive reports on audited activities, admin and non-owner mailbox activities, Data Loss Prevention (DLP) actions, “Send As” or “Send on Behalf” activities, and changes to mailbox rights within your Microsoft 365 tenant.

 
 

SharePoint

In the SharePoint section, you will find detailed reports on various activities within your Microsoft 365 tenant. These include audited SharePoint Online activities, external and anonymous invitations, activities performed by external users, Site Collection administrator changes, sharing operations, and Site permission changes. Each category provides a curated view, with additional details available upon selecting the corresponding columns.

 
 

OneDrive

In the OneDrive section, you will find comprehensive reports on OneDrive for Business activities within your Microsoft 365 tenant. These include audited activities, external and anonymous invitations, activities performed by external users, Site Collection provisioning, Data Loss Prevention (DLP) activities, sharing operations, and Site permission changes. Each category offers a curated view, with the option to display additional details by selecting the corresponding columns.

 
 

Threat intelligence

The threat intelligence activities report a report of all Threat Intelligence audited activities within your Microsoft 365 tenant.

 
 

Teams

In the Teams section, you will find detailed reports on all Microsoft Teams activities within your Microsoft 365 tenant. These include audited activities, channel operations, membership operations, team management operations, external and anonymous invitations, activities performed by external users, Site Collection administrator changes, Data Loss Prevention (DLP) activities, sharing operations, and Site permission changes. Each category provides a curated view, with the option to display additional details by selecting the corresponding columns.

 
 

Power BI

 The Power BI activities report provides a report of all Power BI audited activities within your Microsoft 365 tenant.

 
 

Security and compliance activities

Here you are provided with a report of all Microsoft Purview and Microsoft Defender audited activities within your Microsoft 365 tenant.

 
 

CRM

The CRM activities page provides a report of all Dynamics CRM audited activities within your Microsoft 365 tenant.

 
 

Azure AD

In the Azure AD section, you will find comprehensive reports on all Azure AD activities within your Microsoft 365 tenant. These include audited activities, various sign-in events (overall, admin roles, external users, failed attempts), monthly sign-ins by user and app, risky users, risk detections, and sign-ins from anonymous IPs, infected devices, unfamiliar locations, and using legacy protocols. For certain categories, additional details can be displayed by selecting the corresponding columns, and you have the option to display a map (Sign-in: events, with admin roles, external and failed) enable the anonymous data toggle (Sign-in: events, with admin roles, external and failed, from infected devices, from unfamiliar locations, risk detections and impossible to travel to atypical locations).
You may use this section to:

 
 

Power apps

In the Power Apps section, you will find detailed reports on all Power Apps activities within your Microsoft 365 tenant. These include audited activities, creation, launch, and publishing events, as well as permission changes. Each category provides a comprehensive view, with the option to display additional details by selecting the corresponding columns.

 
 

CoreView

In the CoreView audit log section, you will find listed all activities performed in CoreView activities. This allows you to track and monitor actions performed by every operator in CoreView. 

 
 

Common features for audit reports include: